
HijackThis + DDS log - Need help!


  • This topic is locked
21 replies to this topic

#1 abckid24

  • Members
  • 51 posts

Posted 14 April 2012 - 12:20 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:12:51 PM, on 4/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 95.172.192.86:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11117 bytes

================================================================================


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anthony at 13:18:25 on 2012-04-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4149 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 95.172.192.86:80
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Anthony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Anthony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{67E48D78-0D26-49FD-9890-CE499247B7E5} : NameServer = 192.168.1.1,68.237.161.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=110482&mntrId=94cdf12a00000000000008863b0fc749&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.hardId - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:07:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avfsmn;avfsmn;C:\Windows\system32\DRIVERS\avfsmn.sys --> C:\Windows\system32\DRIVERS\avfsmn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-2-3 296232]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\avhips.sys --> C:\Windows\system32\DRIVERS\avhips.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-30 2916736]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 V0740Vid;Rocketfish HD Webcam Pro Driver;C:\Windows\system32\DRIVERS\V0740Vid.sys --> C:\Windows\system32\DRIVERS\V0740Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-14 1153368]
S2 SkypeUpdate;Skype Updater;C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253088]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-11-29 245760]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-14 17:06:21 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2012-04-14 17:06:21 -------- d-----w- C:\Windows\RemotePackages
2012-04-14 17:04:49 388096 ----a-r- C:\Users\Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-14 17:04:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-14 16:43:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-14 16:25:27 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Spyware Terminator
2012-04-14 16:25:27 -------- d-----w- C:\ProgramData\Spyware Terminator
2012-04-14 16:24:57 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
2012-04-14 16:17:45 -------- d-----w- C:\Users\Anthony\AppData\Local\VS Revo Group
2012-04-14 16:04:15 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-04-14 16:04:13 -------- d-----w- C:\Program Files\VS Revo Group
2012-04-14 15:44:43 24360 ----a-w- C:\Windows\System32\drivers\avhips.sys
2012-04-14 15:44:43 20264 ----a-w- C:\Windows\System32\drivers\avfsmn.sys
2012-04-14 15:44:36 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-14 15:43:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-14 15:43:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 15:37:18 -------- d-----w- C:\Users\Anthony\AppData\Roaming\.clamwin
2012-04-14 15:37:07 -------- d-----w- C:\ProgramData\.clamwin
2012-04-14 15:37:07 -------- d-----w- C:\Program Files (x86)\ClamWin
2012-04-14 15:29:52 -------- d-----w- C:\Users\Anthony\AppData\Local\Immunet
2012-04-14 13:31:57 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-14 13:30:51 -------- d-----we C:\Windows\system64
2012-04-14 10:28:39 -------- d-----w- C:\Users\Anthony\AppData\Roaming\RealNetworks
2012-04-14 04:24:06 892928 ----a-w- C:\Windows\SysWow64\Activelock3.6.dll
2012-04-14 04:24:06 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx
2012-04-14 04:24:01 2221568 ----a-w- C:\Windows\SysWow64\csXImage.ocx
2012-04-13 20:11:03 -------- d-----w- C:\Users\Anthony\Torrents
2012-04-13 12:29:13 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D498C7A7-47C7-431B-AD51-43F39997EA2C}\mpengine.dll
2012-04-11 03:43:12 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 02:47:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-10 23:24:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 23:24:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 23:24:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 23:24:15 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 23:24:15 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 23:24:15 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 23:24:15 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 21:50:13 -------- d-----w- C:\Users\Anthony\AppData\Local\mackermedia
2012-04-09 21:49:33 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Hypegram
2012-04-09 21:49:23 -------- d-----w- C:\Program Files (x86)\Hypegram
2012-04-08 22:26:12 -------- d-----w- C:\Program Files (x86)\Pin Blaster
2012-03-31 04:00:10 -------- d-----w- C:\Program Files (x86)\CCleaner
2012-03-30 09:57:15 -------- d-----w- C:\Program Files (x86)\TaskUnifier
2012-03-29 04:57:05 -------- d-----w- C:\Users\Anthony\AppData\Roaming\EssentialPIM Pro
2012-03-26 06:21:10 268435456 --sha-w- C:\swapfile.sys
2012-03-25 23:16:43 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Malwarebytes
2012-03-25 23:16:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-25 23:11:39 -------- d-----w- C:\Program Files (x86)\Spybot
2012-03-22 01:23:51 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-22 01:23:23 -------- d-----w- C:\Windows\PCHEALTH
2012-03-22 01:23:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 01:21:19 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-22 01:20:34 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-03-22 01:17:17 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-03-19 19:14:03 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-19 19:14:03 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-19 19:14:03 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-03-16 03:19:43 -------- d-----w- C:\ProgramData\DivX
.
==================== Find3M ====================
.
2012-04-14 07:43:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 08:34:16 188967 ----a-w- C:\Windows\Submitter Uninstaller.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 05:17:29 14848 ----a-w- C:\Windows\System32\slwga.dll
2012-02-21 05:17:29 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2012-02-21 05:17:28 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 11:33:53 12 ----a-w- C:\Users\Anthony\AppData\Roaming\data.bin
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 13:19:23.25 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 14 April 2012 - 02:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 15 April 2012 - 12:59 PM

Hi Gringo - thanks for taking your time to help me out. Before you had posted, I cleaned up the PC a bit using Malwarebytes, AVG, etc. All of the major problems have been solved. However, I would like to get my PC running as fast as possible and make sure that there are no lingering problems with the system. I am going to attach a fresh HijackThis log and DDS log below, along with the other logs you requested. Thanks very much for your help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:30 PM, on 4/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
C:\Program Files (x86)\Mindjet\MindManager 10\MindManager.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 95.172.192.86:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13592 bytes


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anthony at 13:56:38 on 2012-04-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4206 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 95.172.192.86:80
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Anthony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Anthony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE:
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{67E48D78-0D26-49FD-9890-CE499247B7E5} : NameServer = 192.168.1.1,68.237.161.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.hardId - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:07:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-14 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-30 2916736]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253088]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 V0740Vid;Rocketfish HD Webcam Pro Driver;C:\Windows\system32\DRIVERS\V0740Vid.sys --> C:\Windows\system32\DRIVERS\V0740Vid.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-15 17:33:01 98816 ----a-w- C:\Windows\sed.exe
2012-04-15 17:33:01 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-15 17:33:01 256000 ----a-w- C:\Windows\PEV.exe
2012-04-15 17:33:01 208896 ----a-w- C:\Windows\MBR.exe
2012-04-15 05:36:45 6656 ----a-w- C:\Windows\System32\pxc35pm.dll
2012-04-15 05:36:05 -------- d-----w- C:\ProgramData\Mindjet
2012-04-15 04:46:49 -------- d-----w- C:\ProgramData\FreeRIP
2012-04-15 04:23:31 -------- d-----w- C:\Program Files (x86)\VirtualCloneDrive
2012-04-15 04:06:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-15 03:31:58 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-04-15 03:23:56 -------- d-----w- C:\Users\Anthony\AppData\Local\CRE
2012-04-15 03:23:47 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-15 03:23:46 -------- d-----w- C:\Users\Anthony\AppData\Local\Conduit
2012-04-15 03:23:38 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-04-14 22:08:10 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Digiarty
2012-04-14 22:08:10 -------- d-----w- C:\Program Files (x86)\Digiarty
2012-04-14 21:56:48 -------- d-----w- C:\Users\Anthony\AppData\Roaming\HandBrake
2012-04-14 19:11:29 -------- d-----w- C:\Users\Anthony\AppData\Roaming\AVG
2012-04-14 18:59:14 27936 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-04-14 18:39:40 -------- d-----w- C:\Users\Anthony\AppData\Roaming\AVG2012
2012-04-14 18:38:52 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-14 18:37:57 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-14 18:37:57 -------- d-----w- C:\ProgramData\AVG2012
2012-04-14 18:37:57 -------- d-----w- C:\$AVG
2012-04-14 18:37:10 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-14 18:34:24 -------- d--h--w- C:\ProgramData\Common Files
2012-04-14 18:31:30 -------- d-----w- C:\ProgramData\MFAData
2012-04-14 18:21:42 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-14 17:35:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 17:06:21 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2012-04-14 17:06:21 -------- d-----w- C:\Windows\RemotePackages
2012-04-14 17:04:49 388096 ----a-r- C:\Users\Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-14 17:04:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-14 16:43:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-14 16:17:45 -------- d-----w- C:\Users\Anthony\AppData\Local\VS Revo Group
2012-04-14 16:04:15 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-04-14 16:04:13 -------- d-----w- C:\Program Files\VS Revo Group
2012-04-14 15:44:36 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-14 15:43:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-14 15:43:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 15:37:07 -------- d-----w- C:\Program Files (x86)\ClamWin
2012-04-14 15:29:52 -------- d-----w- C:\Users\Anthony\AppData\Local\Immunet
2012-04-14 13:30:51 -------- d-----we C:\Windows\system64
2012-04-14 10:28:39 -------- d-----w- C:\Users\Anthony\AppData\Roaming\RealNetworks
2012-04-14 04:24:06 892928 ----a-w- C:\Windows\SysWow64\Activelock3.6.dll
2012-04-14 04:24:06 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx
2012-04-14 04:24:01 2221568 ----a-w- C:\Windows\SysWow64\csXImage.ocx
2012-04-13 20:11:03 -------- d-----w- C:\Users\Anthony\Torrents
2012-04-13 12:29:13 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D498C7A7-47C7-431B-AD51-43F39997EA2C}\mpengine.dll
2012-04-11 03:43:12 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 02:47:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-10 23:24:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 23:24:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 23:24:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 23:24:15 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 23:24:15 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 23:24:15 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 23:24:15 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 21:50:13 -------- d-----w- C:\Users\Anthony\AppData\Local\mackermedia
2012-04-09 21:49:33 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Hypegram
2012-04-09 21:49:23 -------- d-----w- C:\Program Files (x86)\Hypegram
2012-04-08 22:26:12 -------- d-----w- C:\Program Files (x86)\Pin Blaster
2012-03-31 04:00:10 -------- d-----w- C:\Program Files (x86)\CCleaner
2012-03-30 09:57:15 -------- d-----w- C:\Program Files (x86)\TaskUnifier
2012-03-29 04:57:05 -------- d-----w- C:\Users\Anthony\AppData\Roaming\EssentialPIM Pro
2012-03-26 06:21:10 268435456 --sha-w- C:\swapfile.sys
2012-03-25 23:16:43 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Malwarebytes
2012-03-25 23:16:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-25 23:11:39 -------- d-----w- C:\Program Files (x86)\Spybot
2012-03-22 01:23:51 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-22 01:23:23 -------- d-----w- C:\Windows\PCHEALTH
2012-03-22 01:23:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 01:21:19 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-22 01:20:34 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-03-19 19:14:03 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-19 19:14:03 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-19 19:14:03 1139200 ----a-w- C:\Windows\System32\FntCache.dll
.
==================== Find3M ====================
.
2012-04-14 07:43:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 08:34:16 188967 ----a-w- C:\Windows\Submitter Uninstaller.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 09:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-21 05:17:29 14848 ----a-w- C:\Windows\System32\slwga.dll
2012-02-21 05:17:29 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2012-02-21 05:17:28 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 11:33:53 12 ----a-w- C:\Users\Anthony\AppData\Roaming\data.bin
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 08:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 13:57:11.47 ===============


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 22
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
``````````End of Log````````````


ComboFix 12-04-15.02 - Anthony 04/15/2012 13:35:14.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4056 [GMT -4:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Anthony\AppData\Local\assembly\tmp
c:\users\Anthony\AppData\Roaming\Skype\skypeupdater.exe
c:\users\Anthony\AppData\Roaming\ubot
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 17:42 . 2012-04-15 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 05:36 . 2006-01-30 12:32 6656 ----a-w- c:\windows\system32\pxc35pm.dll
2012-04-15 05:36 . 2012-04-15 05:36 -------- d-----w- c:\programdata\Mindjet
2012-04-15 04:46 . 2012-04-15 04:46 -------- d-----w- c:\programdata\FreeRIP
2012-04-15 04:23 . 2012-04-15 04:23 -------- d-----w- c:\program files (x86)\VirtualCloneDrive
2012-04-15 04:06 . 2012-04-15 04:06 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-15 03:36 . 2012-04-15 04:27 -------- d-----w- c:\users\Anthony\AppData\Roaming\ImgBurn
2012-04-15 03:35 . 2012-04-15 03:35 -------- d-----w- c:\program files (x86)\ImgBurn
2012-04-15 03:31 . 2012-04-15 03:32 -------- d-----w- c:\program files (x86)\MagicISO
2012-04-15 03:23 . 2012-04-15 03:23 -------- d-----w- c:\users\Anthony\AppData\Local\CRE
2012-04-15 03:23 . 2012-04-15 03:23 -------- d-----w- c:\program files (x86)\Conduit
2012-04-15 03:23 . 2012-04-15 04:35 -------- d-----w- c:\users\Anthony\AppData\Local\Conduit
2012-04-15 03:23 . 2002-01-05 20:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-04-14 22:08 . 2012-04-14 22:08 -------- d-----w- c:\users\Anthony\AppData\Roaming\dvdcss
2012-04-14 22:08 . 2012-04-14 22:08 -------- d-----w- c:\users\Anthony\AppData\Roaming\Digiarty
2012-04-14 22:08 . 2012-04-14 22:08 -------- d-----w- c:\program files (x86)\Digiarty
2012-04-14 21:56 . 2012-04-15 04:27 -------- d-----w- c:\users\Anthony\AppData\Roaming\HandBrake
2012-04-14 19:11 . 2012-04-14 19:32 -------- d-----w- c:\users\Anthony\AppData\Roaming\AVG
2012-04-14 18:59 . 2012-04-14 18:59 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-14 18:38 . 2012-04-14 18:38 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-14 18:37 . 2012-04-15 13:10 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-14 18:37 . 2012-04-14 18:43 -------- d-----w- c:\programdata\AVG2012
2012-04-14 18:37 . 2012-04-14 18:37 -------- d-----w- C:\$AVG
2012-04-14 18:37 . 2012-04-15 04:32 -------- d-----w- c:\program files (x86)\AVG
2012-04-14 18:34 . 2012-04-14 18:34 -------- d--h--w- c:\programdata\Common Files
2012-04-14 18:31 . 2012-04-15 13:10 -------- d-----w- c:\programdata\MFAData
2012-04-14 18:21 . 2012-04-14 18:56 -------- d-----w- c:\programdata\HitmanPro
2012-04-14 17:35 . 2012-04-14 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 17:06 . 2012-04-14 17:06 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
2012-04-14 17:06 . 2012-04-14 17:06 -------- d-----w- c:\windows\RemotePackages
2012-04-14 17:04 . 2012-04-14 17:04 388096 ----a-r- c:\users\Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-14 17:04 . 2012-04-14 17:04 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-14 16:43 . 2012-04-14 16:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-14 16:17 . 2012-04-14 16:17 -------- d-----w- c:\users\Anthony\AppData\Local\VS Revo Group
2012-04-14 16:04 . 2009-12-30 14:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-04-14 16:04 . 2012-04-14 16:04 -------- d-----w- c:\program files\VS Revo Group
2012-04-14 15:44 . 2012-04-15 04:34 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-14 15:43 . 2012-04-14 15:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-14 15:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 15:37 . 2012-04-15 05:25 -------- d-----w- c:\program files (x86)\ClamWin
2012-04-14 15:29 . 2012-04-14 15:29 -------- d-----w- c:\users\Anthony\AppData\Local\Immunet
2012-04-14 15:28 . 2012-04-14 15:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-14 13:30 . 2012-04-14 13:30 -------- d-----we c:\windows\system64
2012-04-14 10:28 . 2012-04-14 10:28 -------- d-----w- c:\users\Anthony\AppData\Roaming\RealNetworks
2012-04-14 04:24 . 2010-04-17 23:16 892928 ----a-w- c:\windows\SysWow64\Activelock3.6.dll
2012-04-14 04:24 . 2000-12-06 04:00 109248 ----a-w- c:\windows\SysWow64\mswinsck.ocx
2012-04-14 04:24 . 2011-11-25 22:10 2221568 ----a-w- c:\windows\SysWow64\csXImage.ocx
2012-04-13 20:11 . 2012-04-15 05:31 -------- d-----w- c:\users\Anthony\Torrents
2012-04-13 12:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D498C7A7-47C7-431B-AD51-43F39997EA2C}\mpengine.dll
2012-04-11 03:43 . 2012-04-14 07:43 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 02:47 . 2012-04-14 07:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 02:47 . 2012-04-11 02:47 -------- d-----w- c:\windows\system32\Macromed
2012-04-10 23:24 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:24 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 23:24 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 23:24 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 23:24 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 23:24 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 23:24 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 21:50 . 2012-04-09 21:50 -------- d-----w- c:\users\Anthony\AppData\Local\mackermedia
2012-04-09 21:49 . 2012-04-09 21:58 -------- d-----w- c:\users\Anthony\AppData\Roaming\Hypegram
2012-04-09 21:49 . 2012-04-14 15:32 -------- d-----w- c:\program files (x86)\Hypegram
2012-04-09 00:14 . 2012-04-09 00:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-08 22:26 . 2012-04-08 22:32 -------- d-----w- c:\program files (x86)\Pin Blaster
2012-03-31 04:02 . 2012-03-31 04:02 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-31 04:00 . 2012-04-14 15:24 -------- d-----w- c:\program files (x86)\CCleaner
2012-03-30 09:57 . 2012-03-31 01:45 -------- d-----w- c:\program files (x86)\TaskUnifier
2012-03-29 04:57 . 2012-03-29 05:05 -------- d-----w- c:\users\Anthony\AppData\Roaming\EssentialPIM Pro
2012-03-26 06:21 . 2012-03-26 06:21 268435456 --sha-w- C:\swapfile.sys
2012-03-25 23:16 . 2012-03-25 23:16 -------- d-----w- c:\users\Anthony\AppData\Roaming\Malwarebytes
2012-03-25 23:16 . 2012-03-25 23:16 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 23:11 . 2012-03-31 01:41 -------- d-----w- c:\program files (x86)\Spybot
2012-03-22 01:23 . 2012-03-22 01:23 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-22 01:23 . 2012-03-22 01:23 -------- d-----w- c:\windows\PCHEALTH
2012-03-22 01:23 . 2012-03-22 01:23 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-22 01:23 . 2012-03-22 01:23 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-22 01:21 . 2012-03-22 01:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-22 01:20 . 2012-03-22 01:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-19 19:14 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-19 19:14 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-19 19:14 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 07:43 . 2011-12-15 20:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 08:34 . 2011-11-27 02:40 188967 ----a-w- c:\windows\Submitter Uninstaller.exe
2012-02-23 13:18 . 2011-11-24 22:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-21 05:17 . 2011-11-27 08:26 14848 ----a-w- c:\windows\system32\slwga.dll
2012-02-21 05:17 . 2011-11-27 08:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-02-21 05:17 . 2011-11-27 08:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-02-17 06:38 . 2012-03-14 14:45 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 14:45 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:45 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:45 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 11:33 . 2012-02-15 11:33 12 ----a-w- c:\users\Anthony\AppData\Roaming\data.bin
2012-02-10 06:48 . 2012-02-10 06:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-10 06:48 . 2012-02-10 06:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-10 06:48 . 2012-02-10 06:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-10 06:48 . 2012-02-10 06:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-10 06:48 . 2012-02-10 06:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-10 06:48 . 2012-02-10 06:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-10 06:48 . 2012-02-10 06:48 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-10 06:48 . 2012-02-10 06:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-10 06:48 . 2012-02-10 06:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-10 06:48 . 2012-02-10 06:48 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-10 06:48 . 2012-02-10 06:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-10 06:48 . 2012-02-10 06:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-10 06:48 . 2012-02-10 06:48 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-10 06:48 . 2012-02-10 06:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-10 06:48 . 2012-02-10 06:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-10 06:48 . 2012-02-10 06:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-10 06:48 . 2012-02-10 06:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-10 06:48 . 2012-02-10 06:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-10 06:48 . 2012-02-10 06:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-10 06:48 . 2012-02-10 06:48 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-10 06:48 . 2012-02-10 06:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-10 06:48 . 2012-02-10 06:48 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-10 06:48 . 2012-02-10 06:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-10 06:48 . 2012-02-10 06:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-10 06:48 . 2012-02-10 06:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-10 06:48 . 2012-02-10 06:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-10 06:48 . 2012-02-10 06:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-10 06:48 . 2012-02-10 06:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-10 06:48 . 2012-02-10 06:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-10 06:48 . 2012-02-10 06:48 448512 ----a-w- c:\windows\system32\html.iec
2012-02-10 06:48 . 2012-02-10 06:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-10 06:48 . 2012-02-10 06:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-10 06:48 . 2012-02-10 06:48 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-10 06:48 . 2012-02-10 06:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-10 06:36 . 2012-03-14 14:45 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 14:45 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 14:45 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-25 06:38 . 2012-03-14 14:45 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:45 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:45 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\windows.old\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 V0740Vid;Rocketfish HD Webcam Pro Driver;c:\windows\system32\DRIVERS\V0740Vid.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 16:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:43]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653239667-2089329282-2235218433-1000Core.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 22:23]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653239667-2089329282-2235218433-1000UA.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 22:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ood2000
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 95.172.192.86:80
uInternet Settings,ProxyOverride = <local>
IE:
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: Interfaces\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - user.js: extensions.BabylonToolbar_i.id - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.hardId - 94cdf12a00000000000008863b0fc749
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
SafeBoot-60648543.sys
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-Spotify - c:\windows.old\Program Files (x86)\Spotify\Spotify.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{70C3DD0E-207B-6259-C1F0-B3AC6594C0AD}*]
"oapcnlbnjbkjbgjdcdlnenifmalgah"=hex:6a,61,6d,66,6d,6d,6e,68,6d,6e,61,6b,6f,68,
6e,6a,6b,62,63,61,00,fb
"nafedldhpgknodeoflddmhoaabad"=hex:6a,61,6d,66,6d,6d,6e,68,6d,6e,61,6b,6f,68,
6e,6a,6b,62,63,61,00,fb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-04-15 13:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 17:52
ComboFix2.txt 2011-05-24 07:19
.
Pre-Run: 631,148,609,536 bytes free
Post-Run: 630,960,254,976 bytes free
.
- - End Of File - - 020148E549612338005CFA372D82ADBD

#4 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:24 PM

Posted 15 April 2012 - 01:27 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
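The TDSSKiller report that these steps produce (the next post shows one, from version 2.7.28.0) prints one line per scanned driver or service with its MD5 and path, followed by a verdict line ending in `- ok` when nothing was found. As an added example that is not part of this thread or of TDSSKiller itself, the Python script below pairs those two lines per entry and lists everything whose verdict is anything other than `ok`, so a long report can be triaged without reading it line by line; the embedded sample is constructed from lines of the posted report plus one made-up `FakeDrv` entry whose `- detected` wording is an assumption.

```python
"""Triage a TDSSKiller report: pair each driver/service's file line with its verdict
line and surface anything that is not '- ok'. Added example, not TDSSKiller's own code."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample: lines taken from the posted TDSSKiller 2.7.28.0 report plus one
# made-up entry (FakeDrv) whose verdict wording is assumed, to exercise the flagging path.
SAMPLE_LOG = r"""14:57:17.0266 5648 Scan started
14:57:17.0266 5648 Mode: Manual;
14:57:18.0443 5648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:57:18.0446 5648 1394ohci - ok
14:57:19.0088 5648 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
14:57:19.0090 5648 AMD External Events Utility - ok
14:57:21.0163 5648 catchme - ok
14:57:23.0530 5648 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\Windows\system32\drivers\hitmanpro36.sys
14:57:23.0531 5648 hitmanpro35 - ok
14:57:25.0000 5648 FakeDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\fakedrv.sys
14:57:25.0001 5648 FakeDrv - detected Constructed.Sample.Verdict (0)
"""

# "<time> <pid> <name> (<md5>) <path>"  -- one per scanned object
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$"
)
# "<time> <pid> <name> - <verdict>"  -- the verdict line that follows it
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when no file line was printed (e.g. "catchme - ok")
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the report ended before the verdict line


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by service/driver name, in the order they first appear."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def flag_entries(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that need a human look: any verdict other than 'ok', or no verdict at all."""
    return [e for e in entries.values() if e.verdict != "ok"]


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    flagged = len(flag_entries(entries))
    return {"total": len(entries), "ok": len(entries) - flagged, "flagged": flagged}


def main(argv: List[str]) -> int:
    # Pass the saved TDSSKiller log as the first argument; otherwise the sample is used.
    # The file encoding is assumed to be UTF-8-compatible.
    text = Path(argv[1]).read_text(encoding="utf-8", errors="replace") if len(argv) > 1 else SAMPLE_LOG
    entries = parse_tdsskiller_log(text)
    print(summarize(entries))
    flagged = flag_entries(entries)
    for e in flagged:
        print(f"REVIEW: {e.name}: verdict={e.verdict!r} md5={e.md5} path={e.path}")
    return 1 if flagged else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```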

#5 abckid24
  • Topic Starter
  • Members
  • 51 posts
  • Local time:06:24 PM

Posted 15 April 2012 - 03:09 PM

14:56:51.0275 5100 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:56:51.0515 5100 ============================================================
14:56:51.0515 5100 Current date / time: 2012/04/15 14:56:51.0515
14:56:51.0515 5100 SystemInfo:
14:56:51.0515 5100
14:56:51.0515 5100 OS Version: 6.1.7601 ServicePack: 1.0
14:56:51.0515 5100 Product type: Workstation
14:56:51.0515 5100 ComputerName: TOOPA
14:56:51.0516 5100 UserName: Anthony
14:56:51.0516 5100 Windows directory: C:\Windows
14:56:51.0516 5100 System windows directory: C:\Windows
14:56:51.0516 5100 Running under WOW64
14:56:51.0516 5100 Processor architecture: Intel x64
14:56:51.0516 5100 Number of processors: 8
14:56:51.0516 5100 Page size: 0x1000
14:56:51.0516 5100 Boot type: Normal boot
14:56:51.0516 5100 ============================================================
14:56:52.0546 5100 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:56:52.0549 5100 Drive \Device\Harddisk1\DR1 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:57:09.0556 5100 \Device\Harddisk0\DR0:
14:57:09.0556 5100 MBR used
14:57:09.0556 5100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:57:09.0556 5100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:57:09.0556 5100 \Device\Harddisk1\DR1:
14:57:09.0556 5100 MBR used
14:57:09.0556 5100 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000
14:57:09.0631 5100 Initialize success
14:57:09.0631 5100 ============================================================
14:57:17.0266 5648 ============================================================
14:57:17.0266 5648 Scan started
14:57:17.0266 5648 Mode: Manual;
14:57:17.0266 5648 ============================================================
14:57:18.0443 5648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:57:18.0446 5648 1394ohci - ok
14:57:18.0491 5648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:57:18.0494 5648 ACPI - ok
14:57:18.0515 5648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:57:18.0516 5648 AcpiPmi - ok
14:57:18.0620 5648 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:57:18.0622 5648 AdobeARMservice - ok
14:57:18.0738 5648 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:57:18.0740 5648 AdobeFlashPlayerUpdateSvc - ok
14:57:18.0805 5648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:57:18.0810 5648 adp94xx - ok
14:57:18.0847 5648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:57:18.0851 5648 adpahci - ok
14:57:18.0873 5648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:57:18.0875 5648 adpu320 - ok
14:57:18.0912 5648 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:57:18.0913 5648 AeLookupSvc - ok
14:57:18.0970 5648 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:57:18.0975 5648 AFD - ok
14:57:18.0995 5648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:57:18.0999 5648 agp440 - ok
14:57:19.0024 5648 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:57:19.0026 5648 ALG - ok
14:57:19.0045 5648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:57:19.0046 5648 aliide - ok
14:57:19.0088 5648 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
14:57:19.0090 5648 AMD External Events Utility - ok
14:57:19.0124 5648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:57:19.0125 5648 amdide - ok
14:57:19.0162 5648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:57:19.0164 5648 AmdK8 - ok
14:57:19.0319 5648 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
14:57:19.0456 5648 amdkmdag - ok
14:57:19.0487 5648 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
14:57:19.0490 5648 amdkmdap - ok
14:57:19.0497 5648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:57:19.0498 5648 AmdPPM - ok
14:57:19.0517 5648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:57:19.0519 5648 amdsata - ok
14:57:19.0534 5648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:57:19.0536 5648 amdsbs - ok
14:57:19.0556 5648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:57:19.0557 5648 amdxata - ok
14:57:19.0590 5648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:57:19.0592 5648 AppID - ok
14:57:19.0628 5648 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:57:19.0629 5648 AppIDSvc - ok
14:57:19.0665 5648 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:57:19.0666 5648 Appinfo - ok
14:57:19.0686 5648 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:57:19.0689 5648 AppMgmt - ok
14:57:19.0714 5648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:57:19.0716 5648 arc - ok
14:57:19.0732 5648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:57:19.0735 5648 arcsas - ok
14:57:19.0862 5648 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:57:19.0863 5648 aspnet_state - ok
14:57:19.0895 5648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:57:19.0897 5648 AsyncMac - ok
14:57:19.0911 5648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:57:19.0912 5648 atapi - ok
14:57:19.0952 5648 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:57:19.0958 5648 AudioEndpointBuilder - ok
14:57:19.0966 5648 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:57:19.0970 5648 AudioSrv - ok
14:57:20.0206 5648 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:57:20.0273 5648 AVGIDSAgent - ok
14:57:20.0301 5648 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:57:20.0303 5648 AVGIDSDriver - ok
14:57:20.0333 5648 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\Windows\system32\DRIVERS\avgidseha.sys
14:57:20.0334 5648 AVGIDSEH - ok
14:57:20.0357 5648 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:57:20.0358 5648 AVGIDSFilter - ok
14:57:20.0377 5648 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:57:20.0380 5648 Avgldx64 - ok
14:57:20.0410 5648 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:57:20.0412 5648 Avgmfx64 - ok
14:57:20.0459 5648 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:57:20.0460 5648 Avgrkx64 - ok
14:57:20.0490 5648 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\Windows\system32\DRIVERS\avgtdia.sys
14:57:20.0494 5648 Avgtdia - ok
14:57:20.0515 5648 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:57:20.0517 5648 avgwd - ok
14:57:20.0565 5648 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:57:20.0567 5648 AxInstSV - ok
14:57:20.0599 5648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:57:20.0614 5648 b06bdrv - ok
14:57:20.0661 5648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:57:20.0661 5648 b57nd60a - ok
14:57:20.0720 5648 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:57:20.0722 5648 BDESVC - ok
14:57:20.0737 5648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:57:20.0738 5648 Beep - ok
14:57:20.0790 5648 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:57:20.0797 5648 BFE - ok
14:57:20.0842 5648 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:57:20.0851 5648 BITS - ok
14:57:20.0866 5648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:57:20.0868 5648 blbdrive - ok
14:57:20.0928 5648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:57:20.0929 5648 bowser - ok
14:57:20.0946 5648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:57:20.0947 5648 BrFiltLo - ok
14:57:20.0967 5648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:57:20.0968 5648 BrFiltUp - ok
14:57:20.0989 5648 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:57:20.0993 5648 BridgeMP - ok
14:57:21.0034 5648 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:57:21.0036 5648 Browser - ok
14:57:21.0061 5648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:57:21.0064 5648 Brserid - ok
14:57:21.0081 5648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:57:21.0083 5648 BrSerWdm - ok
14:57:21.0091 5648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:57:21.0092 5648 BrUsbMdm - ok
14:57:21.0099 5648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:57:21.0100 5648 BrUsbSer - ok
14:57:21.0109 5648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:57:21.0110 5648 BTHMODEM - ok
14:57:21.0148 5648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:57:21.0153 5648 bthserv - ok
14:57:21.0163 5648 catchme - ok
14:57:21.0181 5648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:57:21.0183 5648 cdfs - ok
14:57:21.0230 5648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:57:21.0232 5648 cdrom - ok
14:57:21.0276 5648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:57:21.0278 5648 CertPropSvc - ok
14:57:21.0299 5648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:57:21.0301 5648 circlass - ok
14:57:21.0338 5648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:57:21.0341 5648 CLFS - ok
14:57:21.0381 5648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:57:21.0383 5648 clr_optimization_v2.0.50727_32 - ok
14:57:21.0430 5648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:57:21.0432 5648 clr_optimization_v2.0.50727_64 - ok
14:57:21.0508 5648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:57:21.0510 5648 clr_optimization_v4.0.30319_32 - ok
14:57:21.0563 5648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:57:21.0565 5648 clr_optimization_v4.0.30319_64 - ok
14:57:21.0583 5648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:57:21.0585 5648 CmBatt - ok
14:57:21.0623 5648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:57:21.0624 5648 cmdide - ok
14:57:21.0656 5648 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:57:21.0663 5648 CNG - ok
14:57:21.0680 5648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:57:21.0682 5648 Compbatt - ok
14:57:21.0697 5648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:57:21.0698 5648 CompositeBus - ok
14:57:21.0703 5648 COMSysApp - ok
14:57:21.0742 5648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:57:21.0744 5648 crcdisk - ok
14:57:21.0775 5648 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:57:21.0778 5648 CryptSvc - ok
14:57:21.0820 5648 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:57:21.0825 5648 CSC - ok
14:57:21.0864 5648 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:57:21.0870 5648 CscService - ok
14:57:21.0919 5648 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:57:21.0921 5648 dc3d - ok
14:57:21.0943 5648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:57:21.0946 5648 DcomLaunch - ok
14:57:22.0006 5648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:57:22.0014 5648 defragsvc - ok
14:57:22.0048 5648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:57:22.0050 5648 DfsC - ok
14:57:22.0067 5648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:57:22.0071 5648 Dhcp - ok
14:57:22.0089 5648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:57:22.0089 5648 discache - ok
14:57:22.0120 5648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:57:22.0122 5648 Disk - ok
14:57:22.0176 5648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:57:22.0179 5648 Dnscache - ok
14:57:22.0221 5648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:57:22.0224 5648 dot3svc - ok
14:57:22.0237 5648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:57:22.0240 5648 DPS - ok
14:57:22.0282 5648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:57:22.0283 5648 drmkaud - ok
14:57:22.0310 5648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:57:22.0319 5648 DXGKrnl - ok
14:57:22.0354 5648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:57:22.0356 5648 EapHost - ok
14:57:22.0421 5648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:57:22.0472 5648 ebdrv - ok
14:57:22.0508 5648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:57:22.0509 5648 EFS - ok
14:57:22.0527 5648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:57:22.0534 5648 ehRecvr - ok
14:57:22.0560 5648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:57:22.0562 5648 ehSched - ok
14:57:22.0604 5648 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
14:57:32.0531 5648 vdrvroot - ok
14:57:32.0573 5648 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:57:32.0580 5648 vds - ok
14:57:32.0604 5648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:57:32.0605 5648 vga - ok
14:57:32.0623 5648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:57:32.0624 5648 VgaSave - ok
14:57:32.0630 5648 VGPU - ok
14:57:32.0650 5648 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:57:32.0653 5648 vhdmp - ok
14:57:32.0681 5648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:57:32.0683 5648 viaide - ok
14:57:32.0703 5648 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:57:32.0706 5648 vmbus - ok
14:57:32.0724 5648 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:57:32.0725 5648 VMBusHID - ok
14:57:32.0747 5648 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:57:32.0749 5648 volmgr - ok
14:57:32.0766 5648 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:57:32.0770 5648 volmgrx - ok
14:57:32.0790 5648 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:57:32.0793 5648 volsnap - ok
14:57:32.0821 5648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:57:32.0823 5648 vsmraid - ok
14:57:32.0877 5648 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:57:32.0902 5648 VSS - ok
14:57:32.0913 5648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:57:32.0914 5648 vwifibus - ok
14:57:32.0943 5648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:57:32.0944 5648 vwififlt - ok
14:57:32.0985 5648 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:57:33.0003 5648 W32Time - ok
14:57:33.0025 5648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:57:33.0027 5648 WacomPen - ok
14:57:33.0052 5648 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:57:33.0054 5648 WANARP - ok
14:57:33.0059 5648 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:57:33.0060 5648 Wanarpv6 - ok
14:57:33.0116 5648 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:57:33.0141 5648 WatAdminSvc - ok
14:57:33.0182 5648 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:57:33.0207 5648 wbengine - ok
14:57:33.0223 5648 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:57:33.0227 5648 WbioSrvc - ok
14:57:33.0245 5648 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:57:33.0250 5648 wcncsvc - ok
14:57:33.0291 5648 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:57:33.0293 5648 WcsPlugInService - ok
14:57:33.0312 5648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:57:33.0313 5648 Wd - ok
14:57:33.0365 5648 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
14:57:33.0366 5648 WDC_SAM - ok
14:57:33.0392 5648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:57:33.0398 5648 Wdf01000 - ok
14:57:33.0409 5648 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:57:33.0412 5648 WdiServiceHost - ok
14:57:33.0416 5648 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:57:33.0419 5648 WdiSystemHost - ok
14:57:33.0459 5648 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:57:33.0463 5648 WebClient - ok
14:57:33.0476 5648 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:57:33.0480 5648 Wecsvc - ok
14:57:33.0495 5648 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:57:33.0498 5648 wercplsupport - ok
14:57:33.0528 5648 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:57:33.0531 5648 WerSvc - ok
14:57:33.0551 5648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:57:33.0552 5648 WfpLwf - ok
14:57:33.0576 5648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:57:33.0577 5648 WIMMount - ok
14:57:33.0626 5648 WinDefend - ok
14:57:33.0635 5648 WinHttpAutoProxySvc - ok
14:57:33.0715 5648 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:57:33.0718 5648 Winmgmt - ok
14:57:33.0770 5648 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:57:33.0804 5648 WinRM - ok
14:57:33.0838 5648 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:57:33.0847 5648 Wlansvc - ok
14:57:33.0881 5648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:57:33.0882 5648 WmiAcpi - ok
14:57:33.0896 5648 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:57:33.0898 5648 wmiApSrv - ok
14:57:33.0905 5648 WMPNetworkSvc - ok
14:57:33.0943 5648 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:57:33.0945 5648 WPCSvc - ok
14:57:33.0984 5648 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:57:33.0990 5648 WPDBusEnum - ok
14:57:34.0032 5648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:57:34.0033 5648 ws2ifsl - ok
14:57:34.0065 5648 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:57:34.0068 5648 wscsvc - ok
14:57:34.0096 5648 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:57:34.0097 5648 WSDPrintDevice - ok
14:57:34.0103 5648 WSearch - ok
14:57:34.0176 5648 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:57:34.0219 5648 wuauserv - ok
14:57:34.0262 5648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:57:34.0264 5648 WudfPf - ok
14:57:34.0298 5648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:57:34.0300 5648 WUDFRd - ok
14:57:34.0315 5648 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:57:34.0318 5648 wudfsvc - ok
14:57:34.0355 5648 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:57:34.0359 5648 WwanSvc - ok
14:57:34.0389 5648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:57:34.0445 5648 \Device\Harddisk0\DR0 - ok
14:57:34.0449 5648 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:57:34.0451 5648 \Device\Harddisk1\DR1 - ok
14:57:34.0454 5648 Boot (0x1200) (aca9892acf436b19368cd782f0d31295) \Device\Harddisk0\DR0\Partition0
14:57:34.0455 5648 \Device\Harddisk0\DR0\Partition0 - ok
14:57:34.0460 5648 Boot (0x1200) (9114724e929691f92aef46cb67ac4bf3) \Device\Harddisk0\DR0\Partition1
14:57:34.0462 5648 \Device\Harddisk0\DR0\Partition1 - ok
14:57:34.0466 5648 Boot (0x1200) (278df6c7ce0d3e3a0e3c86823fd65a70) \Device\Harddisk1\DR1\Partition0
14:57:34.0469 5648 \Device\Harddisk1\DR1\Partition0 - ok
14:57:34.0470 5648 ============================================================
14:57:34.0470 5648 Scan finished
14:57:34.0470 5648 ============================================================
14:57:34.0482 6188 Detected object count: 0
14:57:34.0482 6188 Actual detected object count: 0
14:58:50.0104 6452 Deinitialize success

#6 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts

Posted 15 April 2012 - 04:25 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 16:10:06
-----------------------------
16:10:06.957 OS Version: Windows x64 6.1.7601 Service Pack 1
16:10:06.957 Number of processors: 8 586 0x1A05
16:10:06.958 ComputerName: TOOPA UserName:
16:10:10.994 Initialize success
16:10:18.257 AVAST engine defs: 12041501
16:12:39.689 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:12:39.694 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
16:12:39.708 Disk 0 MBR read successfully
16:12:39.710 Disk 0 MBR scan
16:12:39.713 Disk 0 Windows 7 default MBR code
16:12:39.722 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:12:39.729 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:12:39.744 Disk 0 scanning C:\Windows\system32\drivers
16:12:52.870 Service scanning
16:13:14.827 Modules scanning
16:13:14.833 Disk 0 trace - called modules:
16:13:14.849 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:13:14.852 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b39790]
16:13:14.857 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80068eacf0]
16:13:14.861 5 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80068f5060]
16:13:16.805 AVAST engine scan C:\Windows
16:13:19.770 AVAST engine scan C:\Windows\system32
16:16:37.379 AVAST engine scan C:\Windows\system32\drivers
16:16:49.858 AVAST engine scan C:\Users\Anthony
16:27:51.552 Disk 0 MBR has been saved successfully to "C:\Users\Anthony\Desktop\MBR.dat"
16:27:51.553 The log file has been saved successfully to "C:\Users\Anthony\Desktop\aswMBR.txt"
17:04:51.499 AVAST engine scan C:\ProgramData
17:07:34.997 Scan finished successfully
17:25:12.082 Disk 0 MBR has been saved successfully to "C:\Users\Anthony\Desktop\MBR.dat"
17:25:12.087 The log file has been saved successfully to "C:\Users\Anthony\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 05:51 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts

Posted 15 April 2012 - 07:20 PM

OTL logfile created on: 4/15/2012 8:10:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Anthony\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 49.82% Memory free
11.98 Gb Paging File | 8.77 Gb Available in Paging File | 73.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 586.37 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 57.80 Mb Free Space | 57.81% Space Free | Partition Type: NTFS
Drive G: | 1397.23 Gb Total Space | 1357.51 Gb Free Space | 97.16% Space Free | Partition Type: NTFS

Computer Name: TOOPA | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Anthony\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Anthony\Dropbox\Sick Submitter\Submitter.exe (Sick Marketing)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libcef.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\avformat-52.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\avutil-50.dll ()
MOD - C:\Users\Anthony\Dropbox\Sick Submitter\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro36.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\avgidseha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (V0740Vid) -- C:\Windows\SysNative\drivers\V0740Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 3E F4 55 99 DC CC 01 [binary data]
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\..\SearchScopes,DefaultScope = {80061919-5478-4B0E-9296-2FAF9C1CA774}
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=94cdf12a00000000000008863b0fc749
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\..\SearchScopes\{80061919-5478-4B0E-9296-2FAF9C1CA774}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 95.172.192.86:80

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/13 15:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/14 14:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/14 14:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/31 19:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/21 01:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2012/04/15 00:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\extensions
[2012/04/14 23:23:53 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2012/01/31 19:34:04 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\extensions\noreply@u2bviews.com
[2012/02/15 02:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jgiuy7o7.default\extensions\staged
[2012/02/02 19:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/08 20:15:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/29 11:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/21 01:07:49 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\nplastpass.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Google Reader Notifier (by Google) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apflmjolhbonpkbkooiamcnenbmbjcbf\1.3.1_0\
CHR - Extension: Unsubscribe.com = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlljeodbjmdnpcphkfofnongoedempc\4.0.0_0\
CHR - Extension: Unsubscribe.com = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlljeodbjmdnpcphkfofnongoedempc\4.0.0_0\old_
CHR - Extension: Add to Amazon Wish List = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Calendar = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Destroyer. = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\feffmcemhlmlmiechmihnnignbgdkhgl\1.2.1_0\
CHR - Extension: LastPass = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
CHR - Extension: bitly | a simple URL shortener = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0\
CHR - Extension: Clearly = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\5.3333.576.642_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: Google Mail Checker = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: AVG Do-Not-Track = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.2_0\
CHR - Extension: Google Reader = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.2_0\
CHR - Extension: Gmail = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/15 13:46:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 20:09:41 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe
[2012/04/15 16:55:57 | 000,491,520 | ---- | C] (Rutu's Coding Works) -- C:\Windows\SysWow64\OUTLOOKBAR.OCX
[2012/04/15 16:55:57 | 000,271,360 | ---- | C] (R-Development Ltd) -- C:\Windows\SysWow64\EASYDB.DLL
[2012/04/15 16:55:57 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/04/15 16:55:57 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2012/04/15 16:55:57 | 000,028,672 | ---- | C] (Ruturaaj) -- C:\Windows\SysWow64\RDevEncDec.dll
[2012/04/15 16:55:57 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\List Inspector
[2012/04/15 16:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\List Inspector
[2012/04/15 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\List Inspector
[2012/04/15 14:02:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/15 13:52:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/15 13:33:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/15 13:33:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/15 13:33:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/15 13:32:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/15 01:36:45 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll
[2012/04/15 01:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012/04/15 01:36:28 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\My Maps
[2012/04/15 01:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2012
[2012/04/15 01:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2012/04/15 00:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
[2012/04/15 00:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive
[2012/04/15 00:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/04/14 23:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/04/14 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\ImgBurn
[2012/04/14 23:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/04/14 23:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/04/14 23:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012/04/14 23:23:56 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\CRE
[2012/04/14 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/04/14 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Conduit
[2012/04/14 23:23:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2012/04/14 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\dvdcss
[2012/04/14 18:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/04/14 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Digiarty
[2012/04/14 18:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2012/04/14 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\HandBrake
[2012/04/14 17:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/04/14 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\AVG
[2012/04/14 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\AVG2012
[2012/04/14 14:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/14 14:38:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/14 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/14 14:37:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/14 14:37:57 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/04/14 14:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/04/14 14:34:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/14 14:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/14 14:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/14 13:35:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/14 13:06:21 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2012/04/14 13:06:21 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
[2012/04/14 13:04:49 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/14 13:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/14 12:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/14 12:17:45 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\VS Revo Group
[2012/04/14 12:04:15 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2012/04/14 12:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/04/14 12:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/14 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/04/14 11:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/04/14 11:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/14 11:43:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/14 11:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/14 11:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClamWin
[2012/04/14 11:29:52 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Immunet
[2012/04/14 11:28:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/04/14 09:30:51 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/14 06:28:39 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\RealNetworks
[2012/04/14 00:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captcha Sniper
[2012/04/14 00:24:06 | 000,892,928 | ---- | C] (The ActiveLock Software Group) -- C:\Windows\SysWow64\Activelock3.6.dll
[2012/04/14 00:24:06 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2012/04/14 00:24:01 | 002,221,568 | ---- | C] (Chestysoft) -- C:\Windows\SysWow64\csXImage.ocx
[2012/04/13 16:11:03 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Torrents
[2012/04/11 02:38:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\UBot Studio
[2012/04/10 23:43:12 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 22:47:54 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/10 22:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/10 19:27:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 19:27:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/10 19:27:25 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/10 19:27:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 19:27:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 19:27:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 19:27:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 19:27:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/10 19:27:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/10 19:27:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/10 19:27:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/10 19:27:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 19:27:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 19:27:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 19:24:19 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 19:24:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 19:24:15 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/09 17:50:13 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\mackermedia
[2012/04/09 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Hypegram
[2012/04/09 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hypegram
[2012/04/08 20:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/08 20:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/08 18:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pin Blaster
[2012/04/08 18:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pin Blaster
[2012/03/31 01:04:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\Outlook Files
[2012/03/31 00:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/03/31 00:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2012/03/30 05:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TaskUnifier
[2012/03/29 00:57:05 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\EssentialPIM Pro
[2012/03/26 00:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/03/25 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Malwarebytes
[2012/03/25 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/25 19:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/25 19:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2012/03/21 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/03/21 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/21 21:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/21 21:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/03/21 21:23:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/21 21:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/03/21 21:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/03/21 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/03/21 21:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/21 21:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/21 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/03/19 15:14:03 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

========== Files - Modified Within 30 Days ==========

[2012/04/15 20:09:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe
[2012/04/15 20:01:34 | 000,022,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 20:01:34 | 000,022,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 19:49:23 | 000,128,603 | ---- | M] () -- C:\Users\Anthony\.ranktracker.properties
[2012/04/15 19:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 19:38:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653239667-2089329282-2235218433-1000UA.job
[2012/04/15 19:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 17:37:05 | 095,151,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/15 16:55:57 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\List Inspector.lnk
[2012/04/15 16:33:43 | 000,001,649 | ---- | M] () -- C:\Users\Anthony\Desktop\Sick Platform Reader.lnk
[2012/04/15 16:33:06 | 000,001,442 | ---- | M] () -- C:\Users\Anthony\Desktop\Sick Link Checker.lnk
[2012/04/15 16:33:06 | 000,001,368 | ---- | M] () -- C:\Users\Anthony\Desktop\Sick Scraper.lnk
[2012/04/15 15:59:06 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 15:59:05 | 1549,917,439 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/15 13:47:07 | 005,004,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/15 13:46:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/15 13:38:26 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653239667-2089329282-2235218433-1000Core.job
[2012/04/15 03:03:49 | 000,002,024 | -H-- | M] () -- C:\Users\Anthony\Documents\Default.rdp
[2012/04/15 01:37:46 | 000,001,312 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/15 01:36:08 | 000,002,916 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012/04/15 01:36:07 | 000,002,892 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 2012.lnk
[2012/04/15 00:48:05 | 000,000,721 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012/04/15 00:46:55 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2012/04/14 23:51:13 | 000,017,407 | ---- | M] () -- C:\Users\Anthony\AppData\Local\dt.dat
[2012/04/14 14:59:14 | 000,027,936 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/04/14 14:57:10 | 000,003,014 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/04/14 14:40:27 | 000,002,369 | ---- | M] () -- C:\Users\Anthony\Desktop\Google Chrome.lnk
[2012/04/14 14:38:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/14 14:38:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/14 14:30:28 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/14 03:43:17 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 03:43:17 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 03:43:12 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/14 00:25:55 | 000,001,457 | ---- | M] () -- C:\Users\Anthony\Desktop\CaptchaSniper.lnk
[2012/04/13 15:57:20 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 15:57:20 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 15:57:20 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 19:25:48 | 000,001,413 | ---- | M] () -- C:\Users\Anthony\Desktop\CPA Blaster.lnk
[2012/04/09 16:01:06 | 000,054,784 | ---- | M] () -- C:\Users\Anthony\Desktop\PinBlaster - PinGrabber.exe
[2012/04/08 23:27:46 | 000,001,421 | ---- | M] () -- C:\Users\Anthony\Desktop\ProxyGoblin.lnk
[2012/04/08 20:48:16 | 000,207,723 | ---- | M] () -- C:\Users\Anthony\.spyglass.properties
[2012/04/08 18:26:12 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Pin Blaster.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/01 14:32:43 | 000,001,400 | ---- | M] () -- C:\Users\Anthony\default.blaze
[2012/04/01 02:10:03 | 000,204,240 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/03/31 14:54:36 | 000,001,340 | ---- | M] () -- C:\Users\Anthony\Desktop\Spotify.lnk
[2012/03/31 04:34:16 | 000,188,967 | ---- | M] () -- C:\Windows\Submitter Uninstaller.exe
[2012/03/31 04:12:32 | 000,001,388 | ---- | M] () -- C:\Users\Anthony\Desktop\Sick Submitter.lnk
[2012/03/31 00:36:55 | 000,002,633 | ---- | M] () -- C:\Users\Public\Desktop\Ericom Blaze client.lnk
[2012/03/31 00:30:05 | 000,002,525 | ---- | M] () -- C:\Users\Anthony\Desktop\Evernote.lnk
[2012/03/26 02:21:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2012/03/26 00:36:46 | 000,001,127 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/03/22 05:22:39 | 000,000,031 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/03/21 21:42:14 | 000,001,131 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/21 21:34:40 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/04/15 17:37:05 | 095,151,471 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/15 16:55:57 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\List Inspector.lnk
[2012/04/15 16:33:43 | 000,001,649 | ---- | C] () -- C:\Users\Anthony\Desktop\Sick Platform Reader.lnk
[2012/04/15 16:33:06 | 000,001,442 | ---- | C] () -- C:\Users\Anthony\Desktop\Sick Link Checker.lnk
[2012/04/15 16:33:06 | 000,001,368 | ---- | C] () -- C:\Users\Anthony\Desktop\Sick Scraper.lnk
[2012/04/15 13:33:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/15 13:33:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/15 13:33:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/15 13:33:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/15 13:33:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 01:36:08 | 000,002,916 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012/04/15 01:36:07 | 000,002,892 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 2012.lnk
[2012/04/15 00:48:05 | 000,000,721 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/04/15 00:46:55 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/04/14 23:51:13 | 000,017,407 | ---- | C] () -- C:\Users\Anthony\AppData\Local\dt.dat
[2012/04/14 14:59:14 | 000,027,936 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/04/14 14:57:10 | 000,003,014 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/04/14 14:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/14 14:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/14 13:04:06 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
[2012/04/14 12:43:05 | 000,001,312 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/14 12:30:33 | 1549,917,439 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/14 00:25:55 | 000,001,457 | ---- | C] () -- C:\Users\Anthony\Desktop\CaptchaSniper.lnk
[2012/04/10 22:47:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 19:25:48 | 000,001,413 | ---- | C] () -- C:\Users\Anthony\Desktop\CPA Blaster.lnk
[2012/04/08 23:27:46 | 000,001,421 | ---- | C] () -- C:\Users\Anthony\Desktop\ProxyGoblin.lnk
[2012/04/08 18:26:12 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Pin Blaster.lnk
[2012/04/04 22:40:38 | 000,054,784 | ---- | C] () -- C:\Users\Anthony\Desktop\PinBlaster - PinGrabber.exe
[2012/03/31 14:54:36 | 000,001,340 | ---- | C] () -- C:\Users\Anthony\Desktop\Spotify.lnk
[2012/03/31 04:31:31 | 000,002,369 | ---- | C] () -- C:\Users\Anthony\Desktop\Google Chrome.lnk
[2012/03/31 04:12:32 | 000,001,388 | ---- | C] () -- C:\Users\Anthony\Desktop\Sick Submitter.lnk
[2012/03/31 00:36:55 | 000,002,633 | ---- | C] () -- C:\Users\Public\Desktop\Ericom Blaze client.lnk
[2012/03/31 00:30:05 | 000,002,525 | ---- | C] () -- C:\Users\Anthony\Desktop\Evernote.lnk
[2012/03/26 02:21:10 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2012/03/26 00:36:46 | 000,001,127 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/03/21 21:59:11 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/21 21:42:14 | 000,001,131 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/20 15:29:37 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/03/20 15:25:03 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/03/09 18:47:28 | 000,001,109 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\MWCS.Dr_Batcher.Settings.xml
[2012/03/08 08:41:40 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/02/15 07:33:53 | 000,000,012 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\data.bin
[2012/02/12 08:51:44 | 000,000,264 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\settings.set
[2012/02/12 08:18:13 | 000,000,189 | ---- | C] () -- C:\Windows\ContentComposer.ini
[2012/02/04 12:23:03 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2012/02/04 12:23:03 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/04 12:23:03 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/26 21:10:22 | 000,000,136 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/24 03:37:49 | 000,000,154 | ---- | C] () -- C:\Windows\keywordsetting.ini
[2012/01/24 02:56:24 | 000,204,240 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/23 09:06:40 | 000,000,132 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/17 15:42:26 | 000,000,132 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/30 03:33:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/11/29 19:59:33 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/11/29 19:59:33 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/11/29 19:58:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/11/29 19:57:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/11/29 19:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/11/28 04:14:18 | 000,001,456 | ---- | C] () -- C:\Users\Anthony\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/26 22:40:59 | 000,188,967 | ---- | C] () -- C:\Windows\Submitter Uninstaller.exe
[2011/11/24 19:02:55 | 000,009,216 | ---- | C] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/24 18:31:12 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/24 18:21:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 21:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Juicy Stakes 2.0:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 15 April 2012 - 09:01 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    
    IE - HKU\S-1-5-21-653239667-2089329282-2235218433-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = <http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=94cdf12a00000000000008863b0fc749>
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2012/02/21 01:07:49 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/04/14 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/04/14 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Conduit
    @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Juicy Stakes 2.0:MID
    @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts
  • Local time:06:24 PM

Posted 15 April 2012 - 09:46 PM

Thank you. I am going to monitor how the computer behaves over the next couple of hours and will let you know how it's going.


========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-653239667-2089329282-2235218433-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Anthony\AppData\Local\Conduit folder moved successfully.
ADS C:\Program Files (x86)\Juicy Stakes 2.0:MID deleted successfully.
ADS C:\Program Files (x86)\Intertops Poker:MID deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anthony\Desktop\cmd.bat deleted successfully.
C:\Users\Anthony\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: abckid24

User: All Users

User: Anthony
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: abckid24

User: All Users

User: Anthony
->Flash cache emptied: 2907 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04152012_224404

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 15 April 2012 - 09:49 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo

#12 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts
  • Local time:06:24 PM

Posted 15 April 2012 - 10:06 PM

Adobe AIR
Adobe Community Help
Adobe CS5
Adobe Dreamweaver CS5.5
Adobe Illustrator CS5.1
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Widget Browser
Article Marketing Robot
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Brother MFL-Pro Suite MFC-J615W
Camtasia Studio 7
Captcha-Hacker Youtube Accounts Maker
Captcha Sniper
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Ericom Blaze Client 1.4.8.4
Evernote v. 4.5.4
Everything 1.2.1.371
FileZilla Client 3.5.3
Freez FLV to AVI/MPEG/WMV Converter
Google Chrome
HiJackThis
ImgBurn
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
LibreOffice 3.4
Malwarebytes Anti-Malware version 1.61.0.1400
Market Samurai
Mass Video Blaster
Micro Niche Finder 5.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mindjet MindManager 2012
Mozilla Firefox 10.0 (x86 en-US)
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToobs YouTube Bot V 1.0.2
Notepad++
PDF Settings CS5
Pin Blaster
Proxy Goblin
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SERPAttacks
SERPAttacks Video Tutorial
Skype Click to Call
Skype™ 5.8
Snagit 10.0.1
Spotify
Spybot - Search & Destroy
StatsRemote
Submitter
TeamViewer 7
TheBestSpinner3
Tube Increaser
UBot Studio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update or Uninstall SENukeX
Video Marketing Blaster
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables
WinX DVD Ripper 5.5.3
WModem Driver Installer

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 15 April 2012 - 10:21 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 22
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 abckid24

abckid24
  • Topic Starter

  • Members
  • 51 posts
  • Local time:06:24 PM

Posted 15 April 2012 - 10:55 PM

Here are the two logs. The computer seems to be running a lot better. The original spyware/malware/virus that I had originally is completely gone. I do seem to run into Windows Explorer (maybe .NET?) errors once in a while. Certain applications that I run seem to clash with and hog the system's resources like memory and CPU from time to time. Those would be my only major complaints at this time. There are certain programs that would make things a lot easier for me if they ran faster/smoother. It seems like something is wrong because my computer has good specs - 6 GB RAM and Intel i7 CPU 2.80 GHz processor.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: TOOPA [administrator]

Protection: Disabled

4/15/2012 11:43:49 PM
mbam-log-2012-04-15 (23-43-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217634
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:27 PM, on 4/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Users\Anthony\Dropbox\Sick Submitter\Submitter.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 95.172.192.86:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Windows.old\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13364 bytes

Edited by abckid24, 15 April 2012 - 10:57 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 15 April 2012 - 11:05 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - Startup: Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
    • O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
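As an added example (not part of this thread and not HijackThis's own code) of how a helper reads the O4, O17 and O23 lines quoted above: it pulls out the bracketed name the reply says to research, flags paths left behind under Windows.old, flags public DNS servers in O17 lines, and notes that "(file missing)" on System32 paths from a 32-bit HijackThis on 64-bit Windows is usually a file-system redirection artefact rather than malware. The sample lines are constructed from the log in this thread.

```python
import re
from ipaddress import ip_address

# Constructed sample, modelled on the HijackThis 2.0.4 lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = C:\Windows.old\Users\abckid24\AppData\Roaming\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E48D78-0D26-49FD-9890-CE499247B7E5}: NameServer = 192.168.1.1,68.237.161.12
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Windows.old\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")  # the name between brackets in an O4 Run line


def run_key_name(entry):
    """Return the bracketed name of an O4 HKLM/HKCU ...\\Run entry (the name to research), else None."""
    if not entry.startswith("HKLM") and not entry.startswith("HKCU"):
        return None
    m = RUN_NAME_RE.search(entry)
    return m.group(1) if m else None


def review(log_text):
    """Return (section, note) pairs for log lines a reviewer should look at twice."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, entry = m.groups()
        if section == "O4" and (name := run_key_name(entry)):
            findings.append((section, f"startup entry [{name}]: research this name before fixing"))
        if "\\windows.old\\" in entry.lower():
            findings.append((section, "path under Windows.old: left over from a previous Windows install"))
        if entry.endswith("(file missing)") and "\\system32\\" in entry.lower():
            # 32-bit HijackThis sees a redirected System32 on 64-bit Windows; confirm in Explorer first.
            findings.append((section, "file missing under System32: likely a 64-bit redirection artefact, verify"))
        if section == "O17" and "NameServer =" in entry:
            servers = [s.strip() for s in entry.split("NameServer =", 1)[1].split(",")]
            public = [s for s in servers if not ip_address(s).is_private]
            if public:
                findings.append((section, f"public DNS server(s) {', '.join(public)}: confirm they belong to your ISP"))
    return findings


if __name__ == "__main__":
    for section, note in review(SAMPLE_LOG):
        print(f"{section}: {note}")
```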



