stop: c0000135 the program can't start because %hs is missing from your computer


This topic is locked
23 replies to this topic

#1 DXN3585 (Members, 12 posts)

Posted 23 April 2012 - 11:48 AM

Hi, I'm helping a friend fix his computer. I'm usually the go-to guy when friends need help with their computers. I can usually remove things when I'm able to log into the computer and figure out what's wrong. But my friend tried to do it all on his own and messed up, I guess. So I'm taking over. Since he did it all on his own, I'm unable to determine what is going on with his computer, since it won't boot into Windows.

I researched the error message. It looks like it's caused by a fake antivirus program. There is a fix where you change a registry value from "consrv" to "winsrv", but in this case nothing needed changing. It was how it was supposed to be. I found it odd that the directions said to look into "controlset001" and "controlset002", but the computer only has "controlset001".

I'm out of ideas. It looks like I'll just have to do a clean install.

Here's a log from FRST64.
Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 23-04-2012 09:17:37
Running from I:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [M-Audio Taskbar Icon] "C:\Windows\system32\M-AudioTaskBarIcon.exe" [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [RunAIShell] "C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe" [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-01-10] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [x]
HKLM-x32\...\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [1382984 2011-08-03] (Webroot Software, Inc. )
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [conhost] "C:\Users\bamm\AppData\Roaming\Microsoft\conhost.exe" [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [6731312 2007-06-11] (GRISOFT s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Iminent] "C:\Program Files (x86)\Iminent\Iminent.exe" /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [445416 2011-12-23] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] "C:\Program Files (x86)\Iminent\Iminent.Messengers.exe" /startup [881144 2011-12-23] (Iminent)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3865504 2012-02-07] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2575712 2012-02-16] (AVG Technologies CZ, s.r.o.)
HKU\bamm\...\Run: [uTorrent] "C:\Users\bamm\Desktop\utorrent.exe" [399736 2011-03-29] (BitTorrent, Inc.)
HKU\bamm\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-07] (Google Inc.)
HKU\bamm\...\Policies\system: [LogonHoursAction] 2
HKU\bamm\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\bamm\...\CurrentVersion\Windows: [Load] C:\Users\bamm\AppData\Local\Temp\csrss.exe
HKU\bamm\...\Winlogon: [Shell] explorer.exe
HKU\erika\...\Run: [Best Buy pc app] "C:\Users\erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms" [x]
HKU\erika\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\erika\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [x]
HKU\erika\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-07] (Google Inc.)
HKU\erika\...\Policies\system: [LogonHoursAction] 2
HKU\erika\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest.bamm-PC\...\Run: [Best Buy pc app] "C:\Users\Guest.bamm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-28] (Adobe Systems Incorporated)
2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5104992 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [203392 2009-12-23] (ASUSTeK Computer Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [371472 2011-02-18] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1117144 2011-04-06] (PC Tools)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1181104 2012-02-07] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1185704 2012-02-07] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-02-07] (Safer-Networking Ltd.)
2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe" [3996864 2011-07-11] (Webroot Software, Inc. (www.webroot.com))
2 WRConsumerService; "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe" [3381184 2011-08-03] (Webroot Software, Inc. )
2 Power32; C:\Windows\system32\winusb32.exe [x]

========================== Drivers (Whitelisted) =============

2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-05] ()
1 AVG Anti-Spyware Driver; \??\C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
1 AvgAsC64; C:\Windows\System32\Drivers\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\avgidseha.sys [26704 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [382032 2012-02-22] (AVG Technologies CZ, s.r.o.)
3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2008-01-27] (nerds.de)
3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-05-11] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [279344 2011-03-10] (PC Tools)
2 ssfmonm; C:\Windows\System32\Drivers\ssfmonm.sys [56920 2011-07-11] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [136224 2011-07-11] (Webroot Software, Inc. (www.webroot.com))
3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [105592 2011-03-24] (PACE Anti-Piracy, Inc.)
0 TPkd; C:\Windows\SysWow64\Drivers\TPkd.sys [72160 2006-08-01] (PACE Anti-Piracy, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-23 09:17 - 2011-01-20 23:04 - 0000000 ____D C:\FRST
2012-04-02 10:49 - 2009-07-13 17:39 - 0856154 ____A C:\Windows\ntbtlog.txt
2012-04-02 06:25 - 2010-07-30 09:21 - 0000112 ____A C:\Windows\setupact.log
2012-03-31 16:50 - 2012-03-16 20:29 - 0031592 ____A C:\Users\bamm\Desktop\avgrep.txt
2012-03-30 14:51 - 2011-07-26 00:00 - 0000000 ____D C:\Users\bamm\AppData\Roaming\AVG2012
2012-03-30 14:49 - 2009-04-02 20:30 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-03-30 14:49 -  - 0000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-03-30 14:48 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-30 14:48 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-30 14:48 - 2009-06-10 12:36 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-30 14:48 -  - 0000000 ___HD C:\$AVG
2012-03-30 14:46 - 2011-01-05 22:46 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-30 14:42 - 2011-06-29 11:57 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-30 14:42 - 2011-06-29 11:57 - 0000000 ____D C:\ProgramData\MFAData
2012-03-30 14:04 - 2011-09-23 16:26 - 0000355 ____A C:\Users\bamm\Documents\Computer - Shortcut.lnk
2012-03-30 12:38 - 2012-03-27 14:58 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-30 12:38 - 2012-03-27 14:58 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-30 12:38 - 2012-03-27 14:58 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-03-30 12:38 - 2009-07-13 17:41 - 0017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-03-29 15:21 - 2012-03-29 15:10 - 55296000 ____A C:\Users\bamm\Downloads\Ashampoo_Anti_Malware_1.2.0_incl_crack-_p30download.com_.part1.rar
2012-03-29 15:10 - 2011-09-09 15:22 - 0000465 ____A C:\Users\bamm\Downloads\Ashampoo_Anti-Malware_1.2.1____KeyGen___.torrent
2012-03-29 12:20 - 2011-01-21 13:02 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 12:20 - 2011-01-21 13:02 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 12:20 - 2011-01-13 17:20 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Malwarebytes
2012-03-29 12:20 - 2011-01-05 23:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 12:20 - 2010-12-07 16:08 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 12:14 - 2011-01-05 22:44 - 0002021 ____A C:\rkill.log
2012-03-29 11:46 - 2011-05-11 08:55 - 0452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-03-29 11:46 - 2011-05-06 12:28 - 0279344 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-03-29 11:46 - 2011-05-06 12:27 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-03-29 11:46 - 2011-03-10 08:08 - 0140800 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-03-29 11:46 - 2010-07-16 13:53 - 0334976 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-03-29 11:46 - 2010-06-29 09:35 - 0816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-03-29 11:46 - 2009-07-13 17:45 - 0282440 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-03-29 11:46 - 2009-06-10 12:34 - 1936248 ____A C:\Windows\System32\Drivers\Cat.DB
2012-03-29 11:45 - 2012-02-08 16:17 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-29 11:45 - 2012-02-08 16:17 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-29 11:45 - 2011-01-21 11:14 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-03-29 11:45 - 2009-07-13 17:41 - 0000000 ____D C:\Windows\System32\sdtmp
2012-03-29 11:45 - 2009-07-13 17:16 - 0000000 ____D C:\Windows\SysWOW64\sdtmp
2012-03-29 10:40 - 2011-06-29 15:29 - 0000023 ____A C:\Users\bamm\AppData\Roaming\E9A89B.dat
2012-03-28 15:30 - 2012-03-28 15:29 - 0000000 ____D C:\Program Files (x86)\IMinent Toolbar
2012-03-28 15:30 - 2011-01-05 22:45 - 0000000 ____D C:\Users\bamm\Tracing
2012-03-28 15:29 - 2012-01-04 09:33 - 0000000 ____D C:\Users\All Users\Iminent
2012-03-28 15:29 - 2012-01-04 09:33 - 0000000 ____D C:\ProgramData\Iminent
2012-03-28 15:29 - 2011-01-21 11:14 - 0000000 ____D C:\Program Files (x86)\Iminent
2012-03-28 15:29 - 2011-01-05 22:49 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Iminent
2012-03-28 15:29 - 2009-07-13 19:20 - 0000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-03-28 15:28 - 2012-03-27 15:01 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-28 15:28 - 2012-03-13 19:20 - 0000000 ____D C:\Users\bamm\Desktop\iZotope Stutter Edit VST VST3 RTAS v1.03 x86 x64 - ASSiGN
2012-03-28 15:28 -  - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-27 15:03 - 2011-01-28 07:23 - 0000017 ____A C:\Users\bamm\AppData\Local\resmon.resmoncfg
2012-03-27 14:48 - 2012-03-27 14:48 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-27 14:48 - 2012-03-27 14:48 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-27 14:48 - 2009-07-13 19:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-27 14:45 - 2012-03-27 14:45 - 0065536 __ASH C:\Windows\System32\config\components{971c395f-a288-11e0-b4ff-20cf30ea8f70}.TxR.blf
2012-03-27 12:03 - 2011-01-08 11:50 - 0048672 ___SH (ase Corporation) C:\Users\bamm\AppData\Local\dplayx.dll
2012-03-27 12:03 -  - 0001401 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-03-27 07:19 - 2012-03-21 10:01 - 312847360 ____A C:\Users\bamm\Downloads\sc 4 Taj Mendez ~ Booty I Like 8.avi.crdownload
2012-03-26 16:01 - 2012-03-20 11:01 - 408899072 ____A C:\Users\bamm\Downloads\FWB ArmaniStaxxx & Daniela Diamond.avi
2012-03-26 15:39 - 2012-03-26 14:32 - 2053433 ____A C:\Users\bamm\Desktop\jamie foxx-overdose.mp3
2012-03-26 15:30 - 2011-07-06 20:59 - 1696916 ____A C:\Users\bamm\Desktop\Trey songz- Unfortunate.mp3
2012-03-26 14:44 - 2012-03-19 14:58 - 3741779 ____A C:\Users\bamm\Desktop\12 Jamie Foxx - Slow.mp3
2012-03-26 14:31 - 2012-03-28 15:33 - 1570946 ____A C:\Users\bamm\Desktop\Jaheim - Find my way back.mp3
2012-03-24 07:38 - 2012-03-04 13:27 - 0318872 ____A C:\Windows\Minidump\032412-18408-01.dmp

============ 3 Months Modified Files and Folders =============

2012-04-23 09:17 - 2012-04-23 09:17 - 0000000 ____D C:\FRST
2012-04-22 21:59 - 2011-01-05 22:25 - 3019247616 __ASH C:\hiberfil.sys
2012-04-22 17:40 - 2012-04-02 10:49 - 0856154 ____A C:\Windows\ntbtlog.txt
2012-04-02 10:17 - 2011-12-02 22:00 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-02 10:03 - 2011-12-25 08:42 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-02 07:30 - 2012-03-30 14:48 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-02 07:30 - 2012-03-30 14:42 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-02 07:30 - 2012-03-30 14:42 - 0000000 ____D C:\ProgramData\MFAData
2012-04-02 06:25 - 2012-04-02 06:25 - 0000112 ____A C:\Windows\setupact.log
2012-04-02 02:03 - 2011-12-25 08:42 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-01 22:41 - 2009-07-13 21:13 - 0727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-01 20:15 - 2012-01-27 13:31 - 0000450 ___AH C:\Windows\Tasks\Norton Security Scan for bamm.job
2012-03-31 19:51 - 2012-03-31 16:50 - 0031592 ____A C:\Users\bamm\Desktop\avgrep.txt
2012-03-31 18:50 - 2012-03-30 14:48 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-31 18:50 - 2012-03-30 14:48 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-31 18:49 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-31 17:34 - 2011-01-06 00:15 - 0000000 ____D C:\Users\bamm\AppData\Roaming\vlc
2012-03-31 17:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-31 17:33 - 2012-03-30 14:51 - 0000000 ____D C:\Users\bamm\AppData\Roaming\AVG2012
2012-03-31 17:33 - 2012-03-30 14:49 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-03-31 17:33 - 2012-01-27 13:31 - 0000000 ____D C:\Users\All Users\Norton
2012-03-31 17:33 - 2012-01-27 13:31 - 0000000 ____D C:\ProgramData\Norton
2012-03-31 16:13 - 2010-07-30 09:37 - 0066682 ____A C:\Windows\PFRO.log
2012-03-31 07:32 - 2012-03-29 10:40 - 0000023 ____A C:\Users\bamm\AppData\Roaming\E9A89B.dat
2012-03-30 19:23 - 2011-02-16 19:23 - 0000000 ____D C:\Users\bamm\AppData\Roaming\cacaoweb
2012-03-30 14:58 - 2011-08-29 01:44 - 0000000 ____D C:\Program Files (x86)\CrossriderWebApps
2012-03-30 14:54 - 2011-03-28 18:29 - 0000000 ____D C:\Users\bamm\Desktop\Good Beats
2012-03-30 14:49 - 2012-03-30 14:49 - 0000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-03-30 14:48 - 2012-03-30 14:48 - 0000000 ___HD C:\$AVG
2012-03-30 14:46 - 2012-03-30 14:46 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-30 14:04 - 2012-03-30 14:04 - 0000355 ____A C:\Users\bamm\Documents\Computer - Shortcut.lnk
2012-03-30 13:36 - 2012-03-30 12:38 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-30 13:36 - 2012-03-30 12:38 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-30 12:39 - 2012-03-30 12:38 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-03-30 12:28 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 12:28 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 12:20 - 2012-03-28 15:30 - 0000000 ____D C:\Users\bamm\Tracing
2012-03-29 15:51 - 2012-03-29 15:21 - 55296000 ____A C:\Users\bamm\Downloads\Ashampoo_Anti_Malware_1.2.0_incl_crack-_p30download.com_.part1.rar
2012-03-29 15:21 - 2011-01-20 23:03 - 0000000 ____D C:\Users\bamm\AppData\Roaming\uTorrent
2012-03-29 15:10 - 2012-03-29 15:10 - 0000465 ____A C:\Users\bamm\Downloads\Ashampoo_Anti-Malware_1.2.1____KeyGen___.torrent
2012-03-29 12:24 - 2012-03-29 12:14 - 0002021 ____A C:\rkill.log
2012-03-29 12:20 - 2012-03-29 12:20 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Malwarebytes
2012-03-29 12:20 - 2012-03-29 12:20 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 12:20 - 2012-03-29 12:20 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 12:20 - 2012-03-29 12:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 12:15 - 2012-03-29 11:45 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-03-29 11:48 - 2012-03-29 11:45 - 0000000 ____D C:\Windows\SysWOW64\sdtmp
2012-03-29 11:46 - 2012-03-29 11:46 - 1936248 ____A C:\Windows\System32\Drivers\Cat.DB
2012-03-29 11:46 - 2012-03-29 11:45 - 0000000 ____D C:\Windows\System32\sdtmp
2012-03-29 11:46 - 2012-03-29 11:45 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-29 11:46 - 2012-03-29 11:45 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-29 11:11 - 2011-01-05 22:49 - 1497061 ____A C:\Windows\WindowsUpdate.log
2012-03-29 09:24 - 2012-03-27 12:03 - 0001401 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-03-28 15:40 - 2012-03-28 15:28 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-28 15:33 - 2012-03-28 15:28 - 0000000 ____D C:\Users\bamm\Desktop\iZotope Stutter Edit VST VST3 RTAS v1.03 x86 x64 - ASSiGN
2012-03-28 15:30 - 2012-03-28 15:30 - 0000000 ____D C:\Program Files (x86)\IMinent Toolbar
2012-03-28 15:30 - 2011-01-05 22:45 - 0000000 ____D C:\users\bamm
2012-03-28 15:29 - 2012-03-28 15:29 - 0000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-03-28 15:29 - 2012-03-28 15:29 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Iminent
2012-03-28 15:29 - 2012-03-28 15:29 - 0000000 ____D C:\Users\All Users\Iminent
2012-03-28 15:29 - 2012-03-28 15:29 - 0000000 ____D C:\ProgramData\Iminent
2012-03-28 15:29 - 2012-03-28 15:29 - 0000000 ____D C:\Program Files (x86)\Iminent
2012-03-28 15:28 - 2012-03-28 15:28 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-28 15:27 - 2011-08-09 21:02 - 0000000 ____D C:\Users\bamm\Downloads\IZotope.Ozone.VST.DX.RTAS.HTDM.v4.01.Incl.Keygen-AiR
2012-03-28 13:17 - 2011-12-02 22:17 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-28 13:17 - 2011-12-02 22:00 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-28 13:17 - 2011-03-18 07:39 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-27 15:03 - 2012-03-27 15:03 - 0000017 ____A C:\Users\bamm\AppData\Local\resmon.resmoncfg
2012-03-27 15:01 - 2011-04-30 17:55 - 0000000 ____D C:\Program Files (x86)\egames
2012-03-27 15:01 - 2011-01-05 22:45 - 0000000 ____D C:\Users\bamm\AppData\LocalLow
2012-03-27 14:58 - 2011-05-04 22:52 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Skype
2012-03-27 14:58 - 2011-05-04 22:51 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-27 14:58 - 2011-05-04 22:51 - 0000000 ____D C:\Users\All Users\Skype
2012-03-27 14:58 - 2011-05-04 22:51 - 0000000 ____D C:\ProgramData\Skype
2012-03-27 14:52 - 2012-03-09 15:52 - 0000000 ____D C:\Users\bamm\AppData\Local\AppKikxSA
2012-03-27 14:48 - 2012-03-27 14:48 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-27 14:48 - 2012-03-27 14:48 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-27 14:48 - 2012-03-27 14:48 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-27 14:48 - 2011-02-05 15:18 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-27 14:45 - 2012-03-27 14:45 - 0065536 __ASH C:\Windows\System32\config\components{971c395f-a288-11e0-b4ff-20cf30ea8f70}.TxR.blf
2012-03-27 14:45 - 2011-01-26 23:02 - 0000000 ____D C:\Users\All Users\DivX
2012-03-27 14:45 - 2011-01-26 23:02 - 0000000 ____D C:\ProgramData\DivX
2012-03-27 14:45 - 2011-01-26 23:02 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-27 14:44 - 2011-02-17 18:07 - 0000000 ____D C:\Users\bamm\AppData\Local\Conduit
2012-03-27 09:51 - 2012-03-27 12:03 - 0048672 ___SH (ase Corporation) C:\Users\bamm\AppData\Local\dplayx.dll
2012-03-27 07:30 - 2012-03-27 07:19 - 312847360 ____A C:\Users\bamm\Downloads\sc 4 Taj Mendez ~ Booty I Like 8.avi.crdownload
2012-03-26 19:45 - 2012-03-26 16:01 - 408899072 ____A C:\Users\bamm\Downloads\FWB ArmaniStaxxx & Daniela Diamond.avi
2012-03-26 15:42 - 2012-03-26 15:39 - 2053433 ____A C:\Users\bamm\Desktop\jamie foxx-overdose.mp3
2012-03-26 15:32 - 2012-03-26 15:30 - 1696916 ____A C:\Users\bamm\Desktop\Trey songz- Unfortunate.mp3
2012-03-26 14:47 - 2012-03-26 14:44 - 3741779 ____A C:\Users\bamm\Desktop\12 Jamie Foxx - Slow.mp3
2012-03-26 14:32 - 2012-03-26 14:31 - 1570946 ____A C:\Users\bamm\Desktop\Jaheim - Find my way back.mp3
2012-03-24 07:38 - 2012-03-24 07:38 - 0318872 ____A C:\Windows\Minidump\032412-18408-01.dmp
2012-03-24 07:38 - 2012-01-04 07:34 - 303527703 ____A C:\Windows\MEMORY.DMP
2012-03-24 07:38 - 2012-01-04 07:34 - 0000000 ____D C:\Windows\Minidump
2012-03-23 18:38 - 2012-03-23 18:38 - 7151326 ____A C:\Users\bamm\Downloads\noevidence_edit.mp3
2012-03-21 17:46 - 2012-03-21 17:46 - 9245223 ____A C:\Users\bamm\Downloads\Trick Daddy - NANN bleep (CLICKS & WHISTLES BOOTLEG).mp3
2012-03-21 10:30 - 2012-03-21 10:30 - 5346625 ____A C:\Users\bamm\Downloads\Stalker - PRELUDE.mp3
2012-03-21 10:01 - 2012-03-21 10:01 - 6298586 ____A C:\Users\bamm\Downloads\Riff Raff ft Lil Debbie - Brain Freeze.mp3
2012-03-21 05:30 - 2012-03-21 03:34 - 211625126 ____A C:\Users\bamm\Downloads\bkb_zuri_blackbeauty.mp4
2012-03-20 17:54 - 2012-03-20 11:06 - 734009344 ____A C:\Users\bamm\Downloads\1-3-3-8.com_drop.dead.fred.1991.internal.dvdrip.xvid-8ballrips.avi
2012-03-20 16:38 - 2012-03-20 12:57 - 405833563 ____A C:\Users\bamm\Downloads\schdsalenamarie (2).wmv
2012-03-20 11:01 - 2012-03-20 11:01 - 4872312 ____A (http://www.express-files.com/) C:\Users\bamm\Downloads\Drop_Dead_Fred_(1991)_m720p_HDTV_x264-TwIzZy_downloader_119.exe
2012-03-19 18:00 - 2012-03-19 17:53 - 71110700 ____A C:\Users\bamm\Desktop\R.Kelly - Tempo Slow.wav
2012-03-19 14:58 - 2012-03-19 14:56 - 2929475 ____A C:\Users\bamm\Desktop\11. Jamie Foxx - Freakin Me ft Marsha Ambrosius - INTUITION.mp3
2012-03-19 12:58 - 2011-02-22 15:03 - 0000000 ____D C:\Users\bamm\Desktop\vid
2012-03-19 12:55 - 2011-08-18 17:12 - 0000000 ____D C:\Users\bamm\Desktop\Abelton
2012-03-19 12:42 - 2012-03-19 12:39 - 1853740 ____A C:\Users\bamm\Desktop\R.Kelly- Tempo Slow.mp3
2012-03-18 09:33 - 2012-03-15 11:25 - 0000000 ____D C:\Users\bamm\Desktop\Summer Jammin M
2012-03-18 09:30 - 2012-03-15 11:25 - 0000000 ____D C:\Users\bamm\Desktop\Summer Jammin M2
2012-03-18 09:01 - 2011-01-26 23:02 - 0000000 ____D C:\Users\bamm\AppData\Local\Google
2012-03-18 08:33 - 2011-01-13 19:57 - 0000000 ____D C:\Users\bamm\AppData\Roaming\SoftGrid Client
2012-03-17 21:01 - 2011-01-28 07:23 - 0000000 ____D C:\Users\All Users\Webroot
2012-03-17 21:01 - 2011-01-28 07:23 - 0000000 ____D C:\ProgramData\Webroot
2012-03-16 20:37 - 2012-03-16 20:37 - 0000000 ____D C:\cabs
2012-03-16 20:29 - 2011-05-02 07:16 - 0000000 ____D C:\Users\bamm\Desktop\Art
2012-03-15 15:00 - 2012-03-15 15:00 - 0000000 ____D C:\Users\bamm\Desktop\NinjaTurtles1990
2012-03-15 14:59 - 2012-03-15 14:59 - 0000000 ____D C:\Users\bamm\Desktop\Dilated Peoples - The Platform
2012-03-15 14:59 - 2012-03-15 14:59 - 0000000 ____D C:\Users\bamm\Desktop\Dilated Peoples - Expansion Team
2012-03-15 11:30 - 2012-01-04 09:51 - 0000000 ____D C:\Users\bamm\Desktop\Beat Stuff
2012-03-14 06:32 - 2009-07-13 20:45 - 0267560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 02:01 - 2011-02-09 11:53 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 19:21 - 2012-03-13 19:21 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Win7codecs
2012-03-13 19:21 - 2012-03-13 19:21 - 0000000 ____D C:\Program Files (x86)\Win7codecs
2012-03-13 19:21 - 2012-03-13 19:20 - 0000000 ____D C:\Users\All Users\Win7codecs
2012-03-13 19:21 - 2012-03-13 19:20 - 0000000 ____D C:\ProgramData\Win7codecs
2012-03-13 19:20 - 2011-08-07 23:03 - 0002358 ____A C:\Users\bamm\Desktop\Google Chrome.lnk
2012-03-13 19:14 - 2011-06-29 11:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-12 07:54 - 2012-03-12 07:54 - 4826112 ____A C:\Windows\SysWOW64\x264vfw.dll
2012-03-10 21:39 - 2011-02-03 22:20 - 0000000 ____D C:\users\Guest.bamm-PC
2012-03-09 15:52 - 2012-03-09 15:52 - 0000000 ____D C:\Program Files (x86)\Xvid
2012-03-05 00:06 - 2012-02-21 03:00 - 0004935 ____A C:\Windows\IE9_main.log
2012-03-04 13:30 - 2011-05-05 13:20 - 0000000 ____D C:\Users\erika\AppData\Roaming\Skype
2012-03-04 13:29 - 2012-01-22 03:10 - 0000000 ____D C:\Users\erika\AppData\Local\Google
2012-03-04 13:27 - 2012-03-04 13:27 - 0318928 ____A C:\Windows\Minidump\030412-24086-01.dmp
2012-02-29 22:44 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-22 04:25 - 2012-02-22 04:25 - 0382032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-02-22 04:25 - 2012-02-22 04:25 - 0289872 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-02-21 03:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-02-21 03:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-21 03:02 - 2012-02-21 03:02 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-21 03:02 - 2012-02-21 03:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-21 03:02 - 2012-02-21 03:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-21 03:02 - 2012-02-21 03:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-21 03:02 - 2012-02-21 03:02 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-21 03:02 - 2012-02-21 03:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-21 03:02 - 2012-02-21 03:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-21 03:02 - 2012-02-21 03:02 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-21 03:02 - 2012-02-21 03:02 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-21 03:02 - 2012-02-21 03:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-21 03:02 - 2012-02-21 03:02 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-21 03:02 - 2012-02-21 03:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-21 03:02 - 2012-02-21 03:02 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-21 03:02 - 2012-02-21 03:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-21 03:02 - 2012-02-21 03:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-16 14:55 - 2011-01-05 22:49 - 0000174 ___SH C:\Users\bamm\Start Menu\Programs\Startup\desktop.ini
2012-02-16 14:55 - 2011-01-05 22:49 - 0000174 ___SH C:\Users\bamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:07 - 2011-04-29 19:08 - 0000174 ___SH C:\Users\erika\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:07 - 2011-04-29 19:08 - 0000174 ___SH C:\Users\erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:07 - 2011-04-29 19:07 - 0000000 ____D C:\users\erika
2012-02-16 03:25 - 2010-07-30 09:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 03:04 - 2011-01-13 19:56 - 0743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-16 03:04 - 2011-01-13 19:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 10:00 - 2012-02-15 10:00 - 1287168 ____A (MPC-HC Team) C:\Windows\SysWOW64\VSFilter.dll
2012-02-14 22:27 - 2012-03-13 18:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 18:00 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 18:00 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 18:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-13 18:00 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 18:00 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 18:00 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 18:00 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 18:00 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 18:00 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 18:00 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 18:00 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 18:00 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 18:00 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-08 16:17 - 2012-02-08 16:17 - 0000000 ____D C:\Users\bamm\AppData\Roaming\PACE Anti-Piracy
2012-02-08 16:17 - 2012-02-08 16:17 - 0000000 ____D C:\Users\bamm\AppData\Local\PACE Anti-Piracy
2012-02-08 16:17 - 2012-02-08 16:17 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-02-08 16:17 - 2012-02-08 16:17 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2012-02-08 16:10 - 2012-02-08 14:09 - 0000000 ____D C:\Users\bamm\AppData\Roaming\Cycling '74
2012-02-08 15:07 - 2012-02-08 09:14 - 0000000 ____D C:\Program Files (x86)\Cycling '74
2012-02-02 20:16 - 2012-03-13 18:00 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 17:53 - 2012-01-31 17:53 - 6935197 ____A C:\Users\bamm\Desktop\Fat Joe Ft Chris Brown – Another Round.mp3
2012-01-31 03:46 - 2012-01-31 03:46 - 0036944 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-01-28 12:12 - 2012-01-28 12:12 - 0079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-01-28 12:10 - 2012-01-28 12:10 - 0048128 ____A C:\Windows\SysWOW64\ff_acm.acm
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\Users\All Users\Symantec
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\ProgramData\Symantec
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-01-27 13:31 - 2012-01-27 13:31 - 0000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-01-25 14:21 - 2012-01-25 14:21 - 0913920 ____A (http://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ====================== 

Percentage of memory in use: 14%
Total physical RAM: 3839.18 MB
Available physical RAM: 3283.62 MB
Total Pagefile: 3837.32 MB
Available Pagefile: 3275.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WIN7) (Fixed) (Total:680.06 GB) (Free:542.7 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
7 Drive i: (PCNOTE) (Removable) (Total:1.86 GB) (Free:0.41 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B         
  Disk 1    No Media           0 B      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    Online         1909 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             18 GB  1024 KB
  Partition 2    Primary            680 GB    18 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   WIN7         NTFS   Partition    680 GB  Healthy            

======================================================================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1909 MB    31 KB

======================================================================================================

Disk: 5
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   PCNOTE       FAT    Removable   1909 MB  Healthy            

======================================================================================================

==========================================================

Last Boot: 2012-03-30 09:32

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   45.53KB   2 downloads

Edited by DXN3585, 23 April 2012 - 11:50 AM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2012 - 08:43 AM

Hi DXN3585,

Welcome to the forum.

Please let me know if you have done anything after posting the topic and if you still need assistance.

#3 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts

Posted 24 April 2012 - 01:17 PM

I still need assistance. Right now I'm just backing files up, getting ready for a fresh install if you're unable to help me. Help would be appreciated.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2012 - 01:56 PM

You may postpone the backing up. This fix should restore the system.

I'm also removing a startup entry from uTorrent and Spybot. They are legit and don't have anything to do with the boot issue. But we don't want them to run when Windows starts.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3865504 2012-02-07] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [conhost] "C:\Users\bamm\AppData\Roaming\Microsoft\conhost.exe" [x]
HKU\bamm\...\Run: [uTorrent] "C:\Users\bamm\Desktop\utorrent.exe" [399736 2011-03-29] (BitTorrent, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
SubSystems: [Windows] ==> ZeroAccess
HKU\bamm\...\CurrentVersion\Windows: [Load] C:\Users\bamm\AppData\Local\Temp\csrss.exe
HKU\bamm\...\Winlogon: [Shell] explorer.exe
2 Power32; C:\Windows\system32\winusb32.exe [x]
C:\Users\bamm\AppData\Local\Temp\csrss.exe
end

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart, let it boot normally and tell me how it went.
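As an added example that is not part of the thread and not FRST's code, the following Python script checks the two things the fixlist above corrects: ServerDll entries in the Session Manager SubSystems\Windows value that are not the stock set, and autostart commands that run a system-named binary such as csrss.exe or conhost.exe from a user-writable directory. All sample values are constructed, including the consrv stand-in for the swapped console server DLL.

```python
"""Checks modelled on the fixlist above: the csrss ServerDll set and look-alike autostart binaries.
Added example, not from the thread or from FRST; all sample values below are constructed."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# ServerDll names a clean Windows 7 Session Manager\SubSystems\Windows value loads into csrss.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Directories the core Windows binaries legitimately start from.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Binary names that malware reuses for look-alike files (csrss.exe and conhost.exe in the fixlist).
SYSTEM_BINARY_NAMES = {"csrss.exe", "conhost.exe", "winlogon.exe", "wininit.exe",
                       "svchost.exe", "explorer.exe", "lsass.exe", "services.exe"}

# ServerDll=<dll>[:<init function>],<index>
_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def server_dlls(subsystems_value: str) -> list[tuple[str, str | None, int]]:
    """Split a SubSystems\\Windows string into (dll, init_function, index) tuples."""
    return [(dll.lower(), func or None, int(idx))
            for dll, func, idx in _SERVERDLL_RE.findall(subsystems_value)]


def unexpected_server_dlls(subsystems_value: str) -> list[str]:
    """DLL names in the value that are not part of the stock csrss server set."""
    return sorted({dll for dll, _, _ in server_dlls(subsystems_value)} - EXPECTED_SERVER_DLLS)


def _executable(command: str) -> str:
    """First token of a Run/Load-style command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def suspicious_autostart(command: str) -> str | None:
    """Reason text when a command runs a system-named binary from outside the system directories."""
    path = PureWindowsPath(_executable(command))
    name, parent = path.name.lower(), str(path.parent).lower()
    if parent == ".":  # bare name resolved via the search path: nothing to judge from the path alone
        return None
    if name in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        return f"{path.name} started from {path.parent}, not a Windows system directory"
    if "\\appdata\\local\\temp\\" in parent + "\\":
        return f"{path.name} started from a Temp directory"
    return None


def audit(subsystems_value: str, autostarts: dict[str, str]) -> list[str]:
    """Run both checks; autostarts maps a registry location to the command stored there."""
    findings = [f"SubSystems\\Windows loads non-standard ServerDll '{dll}'"
                for dll in unexpected_server_dlls(subsystems_value)]
    for location, command in autostarts.items():
        reason = suspicious_autostart(command)
        if reason:
            findings.append(f"{location}: {reason}")
    return findings


# Constructed sample: the stock Windows 7 value, and a copy with the console server DLL swapped out.
CLEAN_SUBSYSTEMS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
TAMPERED_SUBSYSTEMS = CLEAN_SUBSYSTEMS.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2")

# Constructed sample modelled on the autostart lines in the fixlist above.
SAMPLE_AUTOSTARTS = {
    r"HKLM-x32\...\Run\conhost": r'"C:\Users\bamm\AppData\Roaming\Microsoft\conhost.exe"',
    r"HKU\bamm\...\Windows\Load": r"C:\Users\bamm\AppData\Local\Temp\csrss.exe",
    r"HKLM\...\RunOnce\*Restore": r"C:\Windows\system32\rstrui.exe /RUNONCE",
    r"HKU\bamm\...\Winlogon\Shell": "explorer.exe",
}

if __name__ == "__main__":
    for finding in audit(TAMPERED_SUBSYSTEMS, SAMPLE_AUTOSTARTS):
        print(finding)
```

On a live machine the two inputs would come from the SubSystems\Windows value and the Run/RunOnce/Load/Shell values of the loaded hives; the script only reasons about the strings.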

#5 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts

Posted 24 April 2012 - 03:01 PM

Wow. It's booting up now. How did you know what files were causing the problems? I see that the conhost.exe and the csrss.exe files aren't in a valid path, so it's obviously malware/a virus. Is it too much to ask why you chose those fixes, and why they are significant? I'd really like to know so I could learn.

So, what's next?

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 12:54:56 R:2
Running from E:\

==============================================

HKLM-x32\\\.\.\.\\Run\\SDTray Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\conhost Value deleted successfully.
HKEY_USERS\bamm\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_USERS\bamm\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load Value restored successfully.
HKEY_USERS\bamm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
Power32 service deleted successfully.
C:\Users\bamm\AppData\Local\Temp\csrss.exe not found.

==== End of Fixlog ====


Edited by DXN3585, 24 April 2012 - 03:36 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2012 - 03:58 PM

Great. :thumbup2:

The system was infected with ZeroAccess and a bunch of other baddies.

You don't need to attach the logs. :)

We need to restore winsock entries that are altered by the infection so that internet will function fully without disturbance.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  • Please download MiniRegTool64.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]
    • Check Export keys radio button.
    • Press Go button and post the result.
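An added example (not MiniRegTool's code and not from the thread) that parses a Regedit 5.00 export like the one this step produces, checks that Num_Catalog_Entries and Num_Catalog_Entries64 match the number of entries actually present, and lists namespace providers whose LibraryPath lies outside %SystemRoot% for manual verification. The sample export is constructed; its example_nsp.dll entry and that entry's ProviderId are placeholders.

```python
"""Parse a Regedit 5.00 export of the WinSock2 NameSpace_Catalog5 key and sanity-check it.
Added example, not from the thread or from MiniRegTool; the sample export is constructed."""
from __future__ import annotations

import re

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

CATALOG = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5"


def _decode(raw: str) -> object:
    """Turn a .reg value literal into a str, an int (dword) or bytes (hex)."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex:"):
        return bytes.fromhex(raw[len("hex:"):].replace(",", ""))  # "hex:" alone is an empty blob
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def parse_reg(text: str) -> dict[str, dict[str, object]]:
    """Map every [key] in the export to its {value name: decoded value} dictionary."""
    keys: dict[str, dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if (m := _KEY_RE.match(line)):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := _VALUE_RE.match(line)) and current is not None:
            keys[current][m.group(1)] = _decode(m.group(2))
    return keys


def check_namespace_catalog(keys: dict[str, dict[str, object]], suffix: str = "64") -> list[str]:
    """Compare the declared entry count with the entries present and list providers outside
    %SystemRoot%. suffix is "" for the 32-bit Catalog_Entries and "64" for Catalog_Entries64."""
    count_name = f"Num_Catalog_Entries{suffix}"
    prefix = f"{CATALOG}\\Catalog_Entries{suffix}\\"
    declared = keys.get(CATALOG, {}).get(count_name)
    entries = {k: v for k, v in keys.items() if k.startswith(prefix)}
    findings = []
    if declared != len(entries):
        findings.append(f"{count_name}={declared} but {len(entries)} entries exported")
    for path, values in sorted(entries.items()):
        lib = str(values.get("LibraryPath", ""))
        entry = path.rsplit("\\", 1)[-1]
        # Bare names such as mswsock.dll and %SystemRoot% paths are the Windows-supplied providers;
        # anything else (third-party or user-profile paths) is listed for manual verification.
        if "\\" in lib and not lib.lower().startswith("%systemroot%\\"):
            findings.append(f"{entry}: provider outside %SystemRoot%: {lib}")
    return findings


# Constructed sample in the layout MiniRegTool exports; entry 3 and its ProviderId are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000003
"Serial_Access_Num"=dword:00000026
"Num_Catalog_Entries64"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="C:\\Users\\example\\AppData\\Roaming\\example_nsp.dll"
"DisplayString"="example_nsp"
"ProviderId"=hex:00,11,22,33,44,55,66,77,88,99,aa,bb,cc,dd,ee,ff
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"""

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    for suffix in ("", "64"):
        for finding in check_namespace_catalog(parsed, suffix):
            print(finding)
```

Because the constructed sample only contains the 64-bit subkeys, the 32-bit pass reports a count mismatch, which is exactly the shape of finding to look for in a real export.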


#7 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts

Posted 24 April 2012 - 04:52 PM

Malwarebytes Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.06

Windows 7 x64 FAT
Internet Explorer 9.0.8112.16421
bamm :: BAMM-PC [administrator]

4/24/2012 2:33:18 PM
mbam-log-2012-04-24 (14-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271720
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 6
C:\Users\bamm\Local Settings\Application Data\AppKikxSA (Adware.HotBar.AK) -> Quarantined and deleted successfully.
C:\Users\bamm\Local Settings\Application Data\AppKikxSA\bin (Adware.HotBar.AK) -> Quarantined and deleted successfully.
C:\Users\bamm\Local Settings\Application Data\AppKikxSA\bin\1.0.5.0 (Adware.HotBar.AK) -> Quarantined and deleted successfully.
C:\Users\bamm\AppData\Local\AppKikxSA (Adware.HotBar.AK) -> Quarantined and deleted successfully.
C:\Users\bamm\AppData\Local\AppKikxSA\bin (Adware.HotBar.AK) -> Quarantined and deleted successfully.
C:\Users\bamm\AppData\Local\AppKikxSA\bin\1.0.5.0 (Adware.HotBar.AK) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\bamm\Local Settings\dplayx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\bamm\Local Settings\Application Data\dplayx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\bamm\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\bamm\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\erika\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


MiniReg Tool Exported Keys
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000007
"Serial_Access_Num"=dword:00000026
"Num_Catalog_Entries64"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\\Program Files\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\\Program Files\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2012 - 05:06 PM

  • Download the attached file Fix.reg (756 bytes).
    Double-click it and confirm the prompt to allow it to merge.
  • Restart the computer.
  • Run Command Prompt as Administrator. To do that:
    • Go to Start and type cmd.exe in the Search box.
    • It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
  • Copy the following command, right-click in the open Command Prompt window, select Paste, then press Enter:
    netsh winsock reset
  • Restart.
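The fix above replaces the Winsock catalog entries and then rebuilds the catalog with netsh winsock reset. Before a reset discards the evidence, a defender reviewing an export like the FRST registry dump earlier in this thread wants a quick way to list every registered namespace provider, decode its ProviderId GUID and see which DLLs are not Windows' own. The script below is an added example for that review; it is not code from the thread, from FRST or from the Fix.reg posted above. It assumes the .reg text layout shown in the export, treats a bare DLL name or a %SystemRoot%-relative path as a system library (a heuristic of this example, not a Windows rule), and names SupportedNameSpace values after the NS_* constants in winsock2.h. The sample input is a constructed two-entry excerpt in that format.

```python
"""Review the Winsock2 namespace-provider catalog from a .reg export (added example)."""
from __future__ import annotations
import re
import uuid
from dataclasses import dataclass

# Constructed sample: a two-entry excerpt in the format of the FRST export quoted above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\\Program Files\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
'''

# SupportedNameSpace values, named after the NS_* constants in winsock2.h.
NAMESPACE_NAMES = {12: "NS_DNS", 15: "NS_NLA", 32: "NS_NTDS",
                   37: "NS_EMAIL", 38: "NS_PNRPNAME", 39: "NS_PNRPCLOUD"}
_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"=(.*)$')

@dataclass
class NamespaceProvider:
    key: str
    library_path: str
    provider_id: str        # GUID text decoded from the little-endian hex bytes
    supported_namespace: int
    enabled: bool

def _decode_string(raw: str) -> str:
    # Strip the REG_SZ quotes and undo .reg escaping (backslash-backslash, backslash-quote).
    if raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    return re.sub(r'\\(["\\])', r"\1", raw)

def _decode_dword(raw: str) -> int:
    return int(raw[len("dword:"):], 16)

def _decode_guid(raw: str) -> str:
    # ProviderId is stored as 16 little-endian bytes; uuid.UUID(bytes_le=...) knows that layout.
    data = bytes.fromhex(raw[len("hex:"):].replace(",", ""))
    return str(uuid.UUID(bytes_le=data)) if len(data) == 16 else ""

def parse_reg_catalog(text: str) -> list[NamespaceProvider]:
    """Return one NamespaceProvider per [section] that carries a LibraryPath value."""
    sections: dict[str, dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if m := _SECTION.match(line):
            current = m.group(1)
            sections[current] = {}
        elif current is not None and (m := _VALUE.match(line)):
            sections[current][m.group(1)] = m.group(2)
    return [
        NamespaceProvider(
            key=key,
            library_path=_decode_string(v["LibraryPath"]),
            provider_id=_decode_guid(v.get("ProviderId", "hex:")),
            supported_namespace=_decode_dword(v.get("SupportedNameSpace", "dword:0")),
            enabled=_decode_dword(v.get("Enabled", "dword:0")) == 1,
        )
        for key, v in sections.items() if "LibraryPath" in v
    ]

def is_system_library(path: str) -> bool:
    # Heuristic assumed by this example: a bare DLL name loads from system32 and a
    # %SystemRoot%-relative path is Windows' own; everything else deserves a look.
    lowered = path.lower()
    return "\\" not in lowered or lowered.startswith("%systemroot%\\")

def flag_non_system(providers: list[NamespaceProvider]) -> list[NamespaceProvider]:
    return [p for p in providers if not is_system_library(p.library_path)]

def report(providers: list[NamespaceProvider]) -> list[str]:
    lines = []
    for p in providers:
        entry = p.key.rsplit("\\", 1)[-1]
        ns = NAMESPACE_NAMES.get(p.supported_namespace, f"ns={p.supported_namespace}")
        tag = "system" if is_system_library(p.library_path) else "REVIEW"
        lines.append(f"[{tag}] {entry} {ns:<12} {p.provider_id} {p.library_path}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(parse_reg_catalog(SAMPLE_REG))))
```

A REVIEW tag is a prompt to look, not a verdict: Bonjour's mdnsNSP.dll is a legitimate third-party provider and shows up flagged here, whereas a provider DLL sitting in a user-writable directory with an unfamiliar GUID is the entry worth explaining before the reset clears it.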


#9 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts

Posted 24 April 2012 - 05:43 PM

Ok, I did all that. It has rebooted, but it's doing the update package stuff and it's taking forever.

-

Okay. It's done.

Edited by DXN3585, 24 April 2012 - 05:52 PM.


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2012 - 05:58 PM

Could you please disable automatic updates until we are done? They can lead to unexpected results at this stage.

  • Turn off Windows automatic updates, as they might lead to unexpected results at this stage:
    • Go to Start > All Programs > Windows Update.
    • In the left pane select "Change Settings".
    • In the right pane check "Never Check for Updates".
    • Click OK.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click the Run Scan button.
    • Two reports will open:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#11 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts

Posted 24 April 2012 - 06:25 PM

OTL.txt

OTL logfile created on: 4/24/2012 4:07:55 PM - Run 1
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\bamm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 58.16% Memory free
7.50 Gb Paging File | 5.78 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.06 Gb Total Space | 540.52 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive D: | 1397.25 Gb Total Space | 1081.20 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.75 Gb Free Space | 93.83% Space Free | Partition Type: FAT
Drive J: | 735.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BAMM-PC | User Name: bamm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/04/24 16:07:27 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\bamm\Desktop\OTL.exe
PRC - [2012/02/07 17:18:30 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/02/07 17:18:28 | 001,185,704 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/02/07 17:18:24 | 001,181,104 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/23 13:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 13:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/01/27 09:59:00 | 000,266,240 | ---- | M] (nerds.de GbR) -- C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/04/24 14:42:00 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/01/26 16:33:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/12/25 13:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011/12/23 13:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files (x86)\Iminent\System.Data.SQLite.dll
MOD - [2011/12/23 13:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Workflow.dll
MOD - [2011/12/23 13:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Windows.dll
MOD - [2011/12/23 13:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011/12/23 13:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Services.dll
MOD - [2011/12/23 13:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll
MOD - [2011/10/31 16:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/07/08 15:33:43 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/03/29 15:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 18:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 18:58:12 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2010/11/04 18:58:08 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 18:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 18:58:04 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
MOD - [2010/11/04 18:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010/11/04 18:53:26 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2010/11/04 18:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/11/04 18:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2010/11/04 18:52:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2010/11/04 18:52:30 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2010/11/04 18:52:27 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010/11/04 18:52:27 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 14:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 14:14:47 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
MOD - [2009/06/10 14:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 14:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 14:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 09:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/24 15:20:44 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 13:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:[b]64bit:[/b] - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:[b]64bit:[/b] - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:[b]64bit:[/b] - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/03/24 23:14:12 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (TPkd)
DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/12/07 17:08:20 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:[b]64bit:[/b] - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/03/02 04:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:[b]64bit:[/b] - [2008/07/28 19:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:[b]64bit:[/b] - [2008/01/27 10:31:00 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1) nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM)
DRV:[b]64bit:[/b] - [2006/11/16 15:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/01/04 13:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
DRV - [2006/08/01 11:51:14 | 000,072,160 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\TPkd.sys -- (TPkd)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2883621
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D2 1F 88 14 03 97 50 4F 81 30 03 35 DC 88 44 12  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D2 1F 88 14 03 97 50 4F 81 30 03 35 DC 88 44 12  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D2 1F 88 14 03 97 50 4F 81 30 03 35 DC 88 44 12  [binary data]
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D2 1F 88 14 03 97 50 4F 81 30 03 35 DC 88 44 12  [binary data]
 
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com/
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D2 1F 88 14 03 97 50 4F 81 30 03 35 DC 88 44 12  [binary data]
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.oovoostart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-201-0-35jDE&engine_id=1&provider_id=1&product_id=201&country=US
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110829&iesrc={referrer:source}
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B3C1A773-15CB-4502-B6BE-DA7EB83992F5}&mid=f24f9f2bacc947d0a899f186760e6683-a132206c77876d02723e45ce505f3dfc0584a570&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2883621
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-669453732-524742707-1651492554-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61050
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://search.iminent.com/?appId=65b89522-0862-44ff-8405-4f16db457ec0&lcid=1033&ref=homepage"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61050
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/27 00:04:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/27 00:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/08/29 02:45:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012/03/28 16:28:36 | 000,102,423 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/13 20:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/29 12:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamm\AppData\Roaming\Mozilla\Extensions
[2012/03/28 16:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions
[2011/08/29 02:43:36 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2011/08/10 02:01:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d}
[2012/03/28 16:30:42 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/07/23 12:35:05 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\cacaoweb@cacaoweb.org
[2012/03/28 16:29:50 | 000,002,270 | ---- | M] () -- C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\searchplugins\SearchTheWeb.xml
[2012/03/28 16:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/27 15:48:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/28 16:30:38 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/03/13 20:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/08/29 02:45:12 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\PROGRAMDATA\CODECCHECK\FIREFOX
[2012/03/10 21:49:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/30 15:51:04 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/10 21:47:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/03/10 21:47:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\bamm\AppData\Local\Google\Chrome\Application\18.0.1025.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\bamm\AppData\Local\Google\Chrome\Application\18.0.1025.56\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\bamm\AppData\Local\Google\Chrome\Application\18.0.1025.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\bamm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Spybot - Search & Destroy = C:\Users\bamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.7.20106_0\
CHR - Extension: Codec-V = C:\Users\bamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\bamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
 
O1 HOSTS File: ([2012/03/29 10:24:40 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {5F5F9A78-33AB-4F11-870B-181A1BA75525} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {5F5F9A78-33AB-4F11-870B-181A1BA75525} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\Toolbar\WebBrowser: (no name) - {5F5F9A78-33AB-4F11-870B-181A1BA75525} - No CLSID value found.
O3 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\bamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-669453732-524742707-1651492554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553533700} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89EA71D3-62E1-43C8-B243-93A2D3FA6682}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A4BA73C-878C-4D3F-AF0B-0A2C47D21B4C}: DhcpNameServer = 10.177.0.34 10.176.83.140
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00c2bc43-9787-11e0-ba58-20cf30ea8f70}\Shell - "" = AutoRun
O33 - MountPoints2\{00c2bc43-9787-11e0-ba58-20cf30ea8f70}\Shell\AutoRun\command - "" = L:\iStudio.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/24 16:07:27 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\bamm\Desktop\OTL.exe
[2012/04/24 15:54:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 15:54:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 15:19:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/24 15:19:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/24 15:19:05 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/24 15:19:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/24 15:19:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/24 15:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/24 15:19:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/24 15:19:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/24 15:19:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/24 15:19:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/24 15:19:02 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/24 15:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 15:07:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/04/24 15:06:50 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/24 15:06:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/24 15:06:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 15:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/04/24 15:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/04/24 15:05:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/24 14:57:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/24 14:57:43 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/24 14:57:41 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/24 14:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/24 14:31:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/24 14:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/24 14:30:03 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\bamm\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/24 14:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2012/04/24 14:26:35 | 000,000,000 | ---D | C] -- C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
[2012/04/24 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/24 14:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/31 17:10:56 | 000,000,000 | ---D | C] -- C:\Users\bamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012
[2012/03/30 15:51:25 | 000,000,000 | ---D | C] -- C:\Users\bamm\AppData\Roaming\AVG2012
[2012/03/30 15:49:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/30 15:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/30 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/30 15:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/30 13:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/30 13:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/03/30 13:38:48 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/03/30 13:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/03/29 13:20:41 | 000,000,000 | ---D | C] -- C:\Users\bamm\AppData\Roaming\Malwarebytes
[2012/03/29 13:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/29 12:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/29 12:45:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sdtmp
[2012/03/29 12:45:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sdtmp
[2012/03/28 16:30:51 | 000,000,000 | ---D | C] -- C:\Users\bamm\Tracing
[2012/03/28 16:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012/03/28 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\bamm\AppData\Roaming\Iminent
[2012/03/28 16:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2012/03/28 16:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012/03/28 16:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2012/03/28 16:28:58 | 000,000,000 | ---D | C] -- C:\Users\bamm\Desktop\iZotope Stutter Edit VST VST3 RTAS v1.03 x86 x64 - ASSiGN
[2012/03/28 16:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012/03/27 15:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/27 15:48:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/27 15:48:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/27 15:48:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\bamm\Desktop\*.tmp files -> C:\Users\bamm\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/24 16:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 16:10:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 16:10:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 16:09:10 | 000,730,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/24 16:09:10 | 000,626,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/24 16:09:10 | 000,107,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/24 16:07:27 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\bamm\Desktop\OTL.exe
[2012/04/24 16:03:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 16:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 16:02:49 | 000,277,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/24 16:02:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 16:02:26 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 15:34:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/04/24 15:34:30 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/04/24 15:23:30 | 000,000,756 | ---- | M] () -- C:\Users\bamm\Desktop\Fix.reg
[2012/04/24 15:20:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/24 15:20:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/24 15:19:59 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/24 15:06:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 15:06:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/04/24 15:01:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/04/24 14:31:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 14:31:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\bamm\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/24 14:20:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/24 14:20:23 | 000,744,428 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/24 13:51:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/31 17:10:57 | 000,001,912 | ---- | M] () -- C:\Users\bamm\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/03/31 08:32:59 | 000,000,023 | ---- | M] () -- C:\Users\bamm\AppData\Roaming\E9A89B.dat
[2012/03/30 15:04:46 | 000,000,355 | ---- | M] () -- C:\Users\bamm\Documents\Computer - Shortcut.lnk
[2012/03/29 12:46:58 | 001,936,248 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/29 10:24:40 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/28 16:29:34 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/03/27 16:03:48 | 000,000,017 | ---- | M] () -- C:\Users\bamm\AppData\Local\resmon.resmoncfg
[2012/03/27 15:48:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/27 15:48:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/27 15:48:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/27 15:48:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/26 16:42:16 | 002,053,433 | ---- | M] () -- C:\Users\bamm\Desktop\jamie foxx-overdose.mp3
[2012/03/26 16:32:28 | 001,696,916 | ---- | M] () -- C:\Users\bamm\Desktop\Trey songz- Unfortunate.mp3
[2012/03/26 15:47:41 | 003,741,779 | ---- | M] () -- C:\Users\bamm\Desktop\12 Jamie Foxx - Slow.mp3
[2012/03/26 15:32:22 | 001,570,946 | ---- | M] () -- C:\Users\bamm\Desktop\Jaheim - Find my way back.mp3
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\bamm\Desktop\*.tmp files -> C:\Users\bamm\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/24 15:23:31 | 000,000,756 | ---- | C] () -- C:\Users\bamm\Desktop\Fix.reg
[2012/04/24 15:06:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 15:06:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/04/24 15:01:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/04/24 14:31:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 14:20:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/24 14:20:27 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 13:51:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012/03/30 15:04:46 | 000,000,355 | ---- | C] () -- C:\Users\bamm\Documents\Computer - Shortcut.lnk
[2012/03/30 13:38:51 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/03/29 12:46:13 | 001,936,248 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/29 12:01:35 | 000,001,918 | ---- | C] () -- C:\Users\bamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012.lnk
[2012/03/29 12:01:35 | 000,001,912 | ---- | C] () -- C:\Users\bamm\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/03/29 11:40:57 | 000,000,023 | ---- | C] () -- C:\Users\bamm\AppData\Roaming\E9A89B.dat
[2012/03/28 16:29:32 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/03/27 16:03:48 | 000,000,017 | ---- | C] () -- C:\Users\bamm\AppData\Local\resmon.resmoncfg
[2012/03/26 16:39:23 | 002,053,433 | ---- | C] () -- C:\Users\bamm\Desktop\jamie foxx-overdose.mp3
[2012/03/26 16:30:08 | 001,696,916 | ---- | C] () -- C:\Users\bamm\Desktop\Trey songz- Unfortunate.mp3
[2012/03/26 15:44:23 | 003,741,779 | ---- | C] () -- C:\Users\bamm\Desktop\12 Jamie Foxx - Slow.mp3
[2012/03/26 15:31:12 | 001,570,946 | ---- | C] () -- C:\Users\bamm\Desktop\Jaheim - Find my way back.mp3
[2012/03/12 08:54:18 | 004,826,112 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/03/09 16:52:48 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/09 16:52:48 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/28 13:12:40 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/04 10:30:04 | 000,010,456 | -HS- | C] () -- C:\Users\bamm\AppData\Local\p05er57gslp4k20dct8xicbu67348pdqy
[2012/01/04 10:30:04 | 000,010,456 | -HS- | C] () -- C:\ProgramData\p05er57gslp4k20dct8xicbu67348pdqy
[2012/01/04 09:53:32 | 000,010,576 | -HS- | C] () -- C:\Users\bamm\AppData\Local\cxd8o8j8hsar
[2012/01/04 09:53:32 | 000,010,576 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/09/09 16:35:08 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/09/08 02:53:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/04/15 12:56:38 | 000,128,512 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/04/15 12:56:31 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/03/24 23:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/21 00:32:19 | 200,000,000 | ---- | C] () -- C:\Program Files\Z.part4.rar
[2011/01/21 00:21:16 | 000,717,614 | ---- | C] () -- C:\Program Files\Windows6.1-KB917607-x64.rar
[2011/01/21 00:19:27 | 000,155,046 | ---- | C] () -- C:\Program Files\winhlp32-windows-7-x86-x64-komeil.cab
[2011/01/21 00:05:39 | 000,018,359 | ---- | C] () -- C:\Program Files\Rebirth_RB-338_2.0_full_iso.torrent
[2011/01/20 22:54:10 | 000,000,128 | ---- | C] () -- C:\Windows\Rb20upd.dat
[2011/01/20 22:52:06 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011/01/13 20:56:47 | 000,744,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/30 10:21:52 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/30 10:21:21 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/30 10:20:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/30 10:20:08 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/30 10:20:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/30 10:20:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/30 10:18:26 | 000,008,007 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/30 10:18:24 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/30 10:18:23 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/30 10:18:23 | 000,006,553 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/30 10:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1080 bytes -> C:\Users\bamm\AppData\Local\Temp:TcmK9IfCYp3cOMD0SBZY
@Alternate Data Stream - 1046 bytes -> C:\Users\bamm\AppData\Local\Temp:vzWC3pt0WOZcnKvlXSMykdIIzgzkl

< End of report >

Edited by DXN3585, 24 April 2012 - 06:26 PM.


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 AM

Posted 24 April 2012 - 07:00 PM

You may post the logs as they are without putting them in the codebox. Thank you.

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :otl
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 61050
      FF - prefs.js..network.proxy.type: 1
      :files
      C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d}
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it finishes, a log will open. Copy and paste the log into your reply.
  • Please download the attached file fix.bat.
    Important: Right-click fix.bat and select "Run as administrator".
    A command window and then a log file (log.txt) will open. Please post the log.

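The three prefs the OTL fix above removes (network.proxy.type set to 1 with network.proxy.http pointing at 127.0.0.1:61050) are the classic signature of a local proxy hijack, where malware routes browser traffic through a process on the same machine. As an added illustration, not part of Farbar's post or of OTL itself, the Python below parses a prefs.js, flags a manual proxy aimed at a loopback host, and produces a cleaned copy the way the fix did; the sample prefs.js is constructed here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample prefs.js (not taken from the original post) reproducing the
# three proxy entries the OTL fix removed, alongside benign settings.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61050);
user_pref("network.proxy.type", 1);
user_pref("privacy.donottrackheader.enabled", true);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_HOST_KEYS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> raw literal, with surrounding quotes stripped from strings."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def find_loopback_proxy(prefs: Dict[str, str]) -> List[str]:
    """Flag a manual proxy (network.proxy.type == 1) that points at a loopback host."""
    findings: List[str] = []
    if prefs.get("network.proxy.type") != "1":
        return findings  # 0 = direct, 5 = system settings; only manual config is checked
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if host in LOOPBACK:
            findings.append(f"{key} -> {host}:{prefs.get(key + '_port', '?')}")
    return findings


def strip_proxy_prefs(text: str) -> Tuple[str, List[str]]:
    """Drop every network.proxy.* line, mirroring what the :otl section of the fix did."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1).startswith("network.proxy."):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed
```

A loopback proxy is only a finding, not proof: a legitimate local filtering proxy would look the same, so check which process actually listens on that port before removing the prefs.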

#13 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 24 April 2012 - 08:02 PM

OTL Fix Log

========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 61050 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
========== FILES ==========
C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d}\defaults\preferences folder moved successfully.
C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d}\defaults folder moved successfully.
C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d}\chrome folder moved successfully.
Folder move failed. C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d} scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.41.0 log created on 04242012_175612

Files\Folders moved on Reboot...
C:\Users\bamm\AppData\Roaming\Mozilla\Firefox\Profiles\553i593w.default\extensions\{b0aec417-b450-4d07-aebe-6ce9278fe18d} folder moved successfully.

Registry entries deleted on Reboot...


Fix.bat Log

Error: The system cannot find the file specified.

The system cannot find the file specified.
Volume in drive C is WIN7
Volume Serial Number is 6EAD-B996

Directory of C:\Windows

File Not Found
End

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:27 AM

Posted 24 April 2012 - 08:11 PM

Well done.

Did you run the fix.bat more than once?

#15 DXN3585

DXN3585
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 24 April 2012 - 08:14 PM

I ran it the first time and forgot to use administrator privileges, and then I ran it again as administrator.

So is that everything? Sounds like it is since you said "Well done".

Edited by DXN3585, 24 April 2012 - 08:20 PM.




