
Consrv.dll problem


49 replies to this topic

#1 Jpro0001


Posted 27 April 2012 - 12:55 PM

Hi,

I've had this problem for a while now and I'm ready for this to be fixed! Hopefully someone can help. My antivirus program quarantines the consrv.dll, but the problem is that when I restart the computer it will not boot up properly. I have Malwarebytes as well and it will not fix this problem.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ajpro at 12:27:00 on 2012-04-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2414 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120331003653.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mExplorerRun: [53668] C:\PROGRA~3\LOCALS~1\Temp\mshgda.cmd
StartupFolder: C:\Users\ajpro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
StartupFolder: C:\Users\ajpro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\ajpro\AppData\Local\Temp\_uninst_.bat
StartupFolder: C:\Users\ajpro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\ajpro\AppData\Local\Temp\_uninst_67858113.bat
StartupFolder: C:\Users\ajpro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~2.LNK - C:\Users\ajpro\AppData\Local\Temp\_uninst_97591721.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\system32\iavlsp.dll
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cashwise.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC} : DhcpNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC}\2514D41444142326 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC}\3494659434023454E4455425 : DhcpNameServer = 69.26.24.1 69.26.24.2
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC}\36F6D666F62747375796475637 : DhcpNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC}\742716E64694E6475627E6164796F6E616C6333363 : DhcpNameServer = 216.221.96.36 216.221.96.37
TCP: Interfaces\{AA1DBAB0-933C-440D-8A76-D3F8F8673BEC}\C696E6B6379737 : DhcpNameServer = 74.127.128.30 209.81.96.130
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120331003653.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 67858113;67858113;C:\Windows\system32\DRIVERS\67858113.sys --> C:\Windows\system32\DRIVERS\67858113.sys [?]
R0 85062258;85062258;C:\Windows\system32\DRIVERS\85062258.sys --> C:\Windows\system32\DRIVERS\85062258.sys [?]
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/06 21:00:54];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2011-3-5 98304]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-3-25 724152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-4 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-31 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-31 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-8 222512]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-8 135664]
S2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-3-25 724152]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-8 135664]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-3-31 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-27 15:05:00 460888 ----a-w- C:\Windows\System32\drivers\67858113.sys
2012-04-24 03:13:28 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-22 06:08:26 460888 ----a-w- C:\Windows\System32\drivers\85062258.sys
2012-04-21 22:55:37 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:50:27 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-04-02 23:14:42 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-02 23:14:35 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-02 23:14:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-02 23:14:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-02 23:14:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-02 23:14:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-02 23:13:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-02 23:13:56 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-02 23:13:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-02 23:13:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-02 04:03:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-02 04:03:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-02 03:03:31 -------- d-----w- C:\Windows\pss
2012-03-31 05:39:18 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 05:38:24 71800 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-03-31 05:37:18 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-03-31 05:36:51 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-03-31 05:36:50 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-03-31 05:36:40 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-03-31 05:36:40 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-03-31 05:36:40 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-03-31 05:36:40 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-03-31 05:36:40 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-03-31 05:36:40 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-03-31 05:36:40 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-03-31 05:36:40 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-03-31 05:36:27 -------- d-----w- C:\Program Files\McAfee.com
2012-03-31 05:36:26 -------- d-----w- C:\Program Files\McAfee
2012-03-31 04:26:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-29 03:34:08 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2012-03-29 02:49:08 -------- d-----w- C:\Users\ajpro\AppData\Local\McAfee Anti-Theft
2012-03-29 02:47:35 -------- d-----w- C:\Program Files\Common Files\McAfee
.
==================== Find3M ====================
.
2012-04-27 15:26:07 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-21 22:55:55 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 05:14:16 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-03-26 01:42:47 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
.
============= FINISH: 12:28:37.98 ===============


 


#2 Noviciate (Malware Response Team)

Posted 27 April 2012 - 02:45 PM

Good evening. :)

Do you have a flash drive of at least 128 Mb that you can use for a little tool to gather some information about your PC?

So long, and thanks for all the fish.

 

 


#3 Jpro0001


Posted 27 April 2012 - 03:25 PM

Yes, I have one available.

#4 Noviciate (Malware Response Team)

Posted 27 April 2012 - 04:35 PM

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

So long, and thanks for all the fish.

 

 


#5 Jpro0001
  • Topic Starter
  • Members
  • 28 posts
  • Local time:06:23 AM

Posted 27 April 2012 - 05:54 PM

Here is the log as requested

Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 27-04-2012 17:32:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-27] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [210216 2009-01-21] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2009-04-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [434360 2010-10-12] (iolo technologies, LLC)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKU\ajpro\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\ajpro\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer\Run: [53668] C:\PROGRA~3\LOCALS~1\Temp\mshgda.cmd
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-21] (Adobe Systems Incorporated)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-05-05] (WildTangent, Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2010-02-26] (Hewlett-Packard Company)
2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-10-12] (iolo technologies, LLC)
2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-10-12] (iolo technologies, LLC)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2011-10-18] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-12-06] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-12-06] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-12-06] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-02] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 ShockMgr; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 ShockMgr; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-11-26] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-11-26] ()
2 winvnc4; C:\Windows\System32\belmonitorservice.dll [6656 2009-07-13] (Oak Technology Inc.)
2 HP Health Check Service; "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

0 67858113; C:\Windows\System32\Drivers\67858113.sys [460888 2012-04-22] (Kaspersky Lab ZAO)
0 85062258; C:\Windows\System32\Drivers\85062258.sys [460888 2012-04-22] (Kaspersky Lab ZAO)
3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2010-02-26] (Hewlett-Packard Company)
0 AtiPcie; C:\Windows\System32\Drivers\AtiPcie.sys [16400 2008-04-27] (ATI Technologies Inc.)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2010-02-26] (Hewlett-Packard Company)
0 kl1; C:\Windows\System32\Drivers\kl1.sys [156688 2009-06-15] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [26640 2009-05-15] (Kaspersky Lab)
3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [29808 2012-03-25] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [184832 2008-11-10] (Realtek Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: penclass
NETSVC: k750bus
NETSVC: symantecantibotdriver
NETSVC: websenseclientdeployservice
NETSVC: prodrv06
NETSVC: bh611
NETSVC: winvnc4
NETSVC: DcPTP
NETSVC: risdptsk
NETSVC: stunnel
NETSVC: UNDPX2A
NETSVC: tfsndres
NETSVC: ShockMgr

============ One Month Created Files and Folders ==============

2012-04-27 14:22 - 2007-11-07 05:00 - 0000000 ____D C:\FRST
2012-04-27 14:21 - 2009-07-13 17:39 - 0000330 ____A C:\Windows\ntbtlog.txt
2012-04-27 10:19 - 2012-03-25 15:31 - 0000000 ____D C:\Users\ajpro\Desktop\Taylor
2012-04-27 09:29 - 2012-04-27 09:16 - 0028937 ____A C:\Users\ajpro\Desktop\DDS.txt
2012-04-27 09:29 - 2012-03-05 19:17 - 0022656 ____A C:\Users\ajpro\Desktop\Attach.txt
2012-04-27 09:19 - 2012-04-27 09:29 - 0050477 ____A C:\Users\ajpro\Desktop\Defogger.exe
2012-04-27 09:16 - 2012-03-30 20:57 - 0607260 ____R (Swearware) C:\Users\ajpro\Desktop\dds.scr
2012-04-27 09:03 - 2012-04-16 19:34 - 0057814 ____A C:\Users\ajpro\Desktop\Extras.Txt
2012-04-27 09:02 - 2012-04-27 08:52 - 0116510 ____A C:\Users\ajpro\Desktop\OTL.Txt
2012-04-27 08:52 - 2012-04-16 19:34 - 0595968 ____A (OldTimer Tools) C:\Users\ajpro\Desktop\OTL.exe
2012-04-27 07:15 - 2012-02-17 15:38 - 0000932 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_.lnk
2012-04-27 07:15 - 2012-02-17 15:38 - 0000932 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
2012-04-27 07:06 - 2012-04-27 07:15 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_67858113.lnk
2012-04-27 07:06 - 2012-04-27 07:15 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67858113.lnk
2012-04-27 07:05 - 2010-11-20 02:44 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\67858113.sys
2012-04-23 19:13 - 2012-04-23 19:13 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-23 19:13 - 2012-04-23 19:13 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-23 19:13 - 2012-03-30 20:56 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-23 19:13 - 2009-07-13 17:40 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-23 19:10 - 2011-04-04 17:18 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64.exe
2012-04-21 22:11 - 2012-04-27 07:06 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:11 - 2012-04-27 07:06 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:08 - 2012-04-22 04:33 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\85062258.sys
2012-04-21 21:13 - 2009-08-09 14:49 - 132113152 ____A C:\Users\ajpro\Desktop\setup_11.0.0.1245.x01_2012_04_22_07_33.exe
2012-04-21 14:55 - 2012-04-21 14:55 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-21 14:43 - 2011-07-15 22:00 - 0497909 ____A C:\Users\ajpro\Documents\XM Radio pymt.xps
2012-04-21 10:50 - 2012-03-30 20:57 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-04-21 10:50 - 2012-03-30 20:57 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-04-21 09:18 - 2012-04-23 19:10 - 2053340 ____A C:\Users\ajpro\Downloads\tdsskiller.zip
2012-04-21 09:17 - 2012-04-21 09:16 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.17.57_log.txt
2012-04-21 09:15 - 2012-04-01 19:46 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.15.48_log.txt
2012-04-19 17:06 - 2012-03-28 19:24 - 0047655 ____A C:\Users\ajpro\Desktop\jason truck order.pdf
2012-04-16 19:34 - 2012-03-17 08:30 - 1306022 ____A C:\Users\ajpro\Desktop\odometer.jpg
2012-04-16 19:34 - 2011-10-15 14:44 - 1539408 ____A C:\Users\ajpro\Desktop\escape side.jpg
2012-04-16 18:33 - 2009-12-11 08:41 - 0282938 ____A C:\Users\ajpro\Documents\I Keating.xps
2012-04-16 18:22 - 2012-03-17 10:18 - 0225382 ____A C:\Users\ajpro\Documents\Kohls.xps
2012-04-08 19:23 - 2012-03-04 18:39 - 0000000 ____D C:\Users\ajpro\Desktop\2012
2012-04-08 07:32 - 2012-03-24 16:02 - 0000000 ____D C:\Program Files\Java
2012-04-02 18:35 - 2012-04-01 19:43 - 0247247 ____A C:\Users\ajpro\Desktop\Walmart.xps
2012-04-02 15:14 - 2012-02-16 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-02 15:14 - 2010-11-20 05:27 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-02 15:14 - 2010-11-20 05:26 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-02 15:14 - 2010-11-20 04:18 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-02 15:14 - 2009-07-13 17:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-02 15:14 - 2009-07-13 17:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-02 15:13 - 2010-11-20 05:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-02 15:13 - 2010-11-20 04:21 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-02 15:13 - 2009-07-13 16:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-02 15:13 - 2009-07-13 16:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-02 15:05 - 2009-07-13 17:39 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-01 20:03 - 2012-03-24 15:21 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 20:03 - 2012-03-24 15:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-01 19:44 - 2012-04-01 19:43 - 0079928 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.44.12_log.txt
2012-04-01 19:43 - 2012-04-27 10:19 - 0000000 ____D C:\Users\ajpro\Desktop\tdsskiller
2012-04-01 19:43 - 2012-04-21 17:20 - 1954684 ____A C:\Users\ajpro\Desktop\tdsskiller.zip
2012-04-01 19:43 - 2012-03-24 15:59 - 0000346 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.43.42_log.txt
2012-04-01 19:03 - 2012-02-16 15:57 - 0000000 ____D C:\Windows\pss
2012-04-01 18:39 - 2012-03-25 09:53 - 0000039 ___RH C:\Users\ajpro\Desktop\stinger.opt
2012-03-30 21:40 - 2012-03-30 21:08 - 0001828 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-03-30 21:39 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 21:39 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-30 21:39 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 21:38 - 2011-03-16 14:38 - 0000000 __RSD C:\Users\ajpro\Documents\McAfee Vaults
2012-03-30 21:38 - 2009-07-13 16:01 - 0071800 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2012-03-30 21:37 - 2012-03-30 22:48 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-03-30 21:36 - 2012-04-08 07:32 - 0000000 ____D C:\Program Files\McAfee
2012-03-30 21:36 - 2012-03-30 21:38 - 0000000 ____D C:\Program Files\McAfee.com
2012-03-30 21:36 - 2011-10-15 09:16 - 0647080 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0481768 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0284648 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0075808 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-03-30 21:36 - 2010-11-20 01:19 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-03-30 21:36 - 2009-07-13 17:48 - 0160280 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-03-30 21:08 - 2009-07-24 20:10 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 20:26 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 20:26 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-28 19:34 - 2012-03-30 21:37 - 0000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-03-28 19:25 - 2012-03-28 19:24 - 0259384 ____A C:\Users\ajpro\Desktop\IMG_4662_2012-03-20_2012-03-20.jpg
2012-03-28 19:25 - 2012-03-28 19:24 - 0253617 ____A C:\Users\ajpro\Desktop\IMG_4671_2012-03-20_2012-03-20.jpg
2012-03-28 19:25 - 2012-03-28 19:24 - 0200904 ____A C:\Users\ajpro\Desktop\IMG_4656_2012-03-19_2012-03-19.jpg
2012-03-28 19:25 - 2012-03-17 17:51 - 0214266 ____A C:\Users\ajpro\Desktop\IMG_4654_2012-03-19_2012-03-19.jpg
2012-03-28 18:49 - 2012-04-27 14:27 - 0000000 ____D C:\Users\ajpro\AppData\Local\McAfee Anti-Theft
2012-03-28 18:47 - - 0000000 ____D C:\Program Files\Common Files\McAfee


============ 3 Months Modified Files and Folders =============

2012-04-27 17:33 - 2012-04-27 14:22 - 0000000 ____D C:\FRST
2012-04-27 14:28 - 2012-03-25 09:12 - 0745326 ____A C:\Windows\WindowsUpdate.log
2012-04-27 14:28 - 2009-12-03 22:17 - 0011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-27 14:28 - 2009-12-03 22:17 - 0011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-27 14:26 - 2009-12-04 06:48 - 0173392 ____A C:\Users\All Users\HPWALog.txt
2012-04-27 14:26 - 2009-12-04 06:48 - 0173392 ____A C:\ProgramData\HPWALog.txt
2012-04-27 14:22 - 2009-07-13 21:13 - 0730532 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-27 14:21 - 2012-04-27 14:21 - 0000330 ____A C:\Windows\ntbtlog.txt
2012-04-27 14:10 - 2009-11-08 17:13 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-27 13:55 - 2012-03-30 21:39 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-27 10:19 - 2012-04-27 10:19 - 0000000 ____D C:\Users\ajpro\Desktop\Taylor
2012-04-27 09:29 - 2012-04-27 09:29 - 0028937 ____A C:\Users\ajpro\Desktop\DDS.txt
2012-04-27 09:29 - 2012-04-27 09:29 - 0022656 ____A C:\Users\ajpro\Desktop\Attach.txt
2012-04-27 09:19 - 2012-04-27 09:19 - 0050477 ____A C:\Users\ajpro\Desktop\Defogger.exe
2012-04-27 09:16 - 2012-04-27 09:16 - 0607260 ____R (Swearware) C:\Users\ajpro\Desktop\dds.scr
2012-04-27 09:03 - 2012-04-27 09:03 - 0057814 ____A C:\Users\ajpro\Desktop\Extras.Txt
2012-04-27 09:02 - 2012-04-27 09:02 - 0116510 ____A C:\Users\ajpro\Desktop\OTL.Txt
2012-04-27 08:52 - 2012-04-27 08:52 - 0595968 ____A (OldTimer Tools) C:\Users\ajpro\Desktop\OTL.exe
2012-04-27 07:30 - 2012-03-30 21:40 - 0001828 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-04-27 07:26 - 2012-03-25 11:15 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-27 07:25 - 2012-03-30 21:38 - 0000000 __RSD C:\Users\ajpro\Documents\McAfee Vaults
2012-04-27 07:25 - 2009-11-08 17:13 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-27 07:25 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 07:24 - 2009-12-03 23:23 - 3018190848 __ASH C:\hiberfil.sys
2012-04-27 07:15 - 2012-04-27 07:15 - 0000932 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_.lnk
2012-04-27 07:15 - 2012-04-27 07:15 - 0000932 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
2012-04-27 07:06 - 2012-04-27 07:06 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_67858113.lnk
2012-04-27 07:06 - 2012-04-27 07:06 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67858113.lnk
2012-04-23 19:13 - 2012-04-23 19:13 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-23 19:13 - 2012-04-23 19:13 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-23 19:13 - 2012-04-23 19:13 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-23 19:13 - 2012-04-23 19:13 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-23 19:10 - 2012-04-23 19:10 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64.exe
2012-04-22 04:33 - 2012-04-27 07:05 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\67858113.sys
2012-04-22 04:33 - 2012-04-21 22:08 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\85062258.sys
2012-04-21 22:11 - 2012-04-21 22:11 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:11 - 2012-04-21 22:11 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 21:15 - 2012-04-21 21:13 - 132113152 ____A C:\Users\ajpro\Desktop\setup_11.0.0.1245.x01_2012_04_22_07_33.exe
2012-04-21 17:20 - 2012-04-01 19:43 - 0000000 ____D C:\Users\ajpro\Desktop\tdsskiller
2012-04-21 17:20 - 2010-06-01 17:51 - 0000000 ____D C:\Program Files\DivX
2012-04-21 17:20 - 2010-06-01 17:48 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-21 17:20 - 2010-06-01 17:46 - 0000000 ____D C:\Users\All Users\DivX
2012-04-21 17:20 - 2010-06-01 17:46 - 0000000 ____D C:\ProgramData\DivX
2012-04-21 17:20 - 2009-12-31 23:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-21 17:20 - 2009-07-21 16:48 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-04-21 17:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-21 17:19 - 2009-04-08 00:06 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-21 17:18 - 2012-03-30 21:39 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-21 17:16 - 2009-04-08 00:37 - 0000000 __RHD C:\MSOCache
2012-04-21 15:11 - 2011-12-18 11:39 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-21 14:55 - 2012-04-21 14:55 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-21 14:55 - 2012-03-30 21:39 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-21 14:55 - 2011-08-22 13:06 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-21 14:43 - 2012-04-21 14:43 - 0497909 ____A C:\Users\ajpro\Documents\XM Radio pymt.xps
2012-04-21 14:22 - 2009-12-03 22:22 - 0000000 ____D C:\users\ajpro
2012-04-21 14:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-21 10:50 - 2012-04-21 10:50 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-04-21 10:50 - 2012-04-21 10:50 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-04-21 09:20 - 2012-04-21 09:18 - 2053340 ____A C:\Users\ajpro\Downloads\tdsskiller.zip
2012-04-21 09:18 - 2012-04-21 09:17 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.17.57_log.txt
2012-04-21 09:16 - 2012-04-21 09:15 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.15.48_log.txt
2012-04-19 17:06 - 2012-04-19 17:06 - 0047655 ____A C:\Users\ajpro\Desktop\jason truck order.pdf
2012-04-16 19:34 - 2012-04-16 19:34 - 1539408 ____A C:\Users\ajpro\Desktop\escape side.jpg
2012-04-16 19:34 - 2012-04-16 19:34 - 1306022 ____A C:\Users\ajpro\Desktop\odometer.jpg
2012-04-16 18:33 - 2012-04-16 18:33 - 0282938 ____A C:\Users\ajpro\Documents\I Keating.xps
2012-04-16 18:22 - 2012-04-16 18:22 - 0225382 ____A C:\Users\ajpro\Documents\Kohls.xps
2012-04-08 19:26 - 2012-04-08 19:23 - 0000000 ____D C:\Users\ajpro\Desktop\2012
2012-04-08 07:32 - 2012-04-08 07:32 - 0000000 ____D C:\Program Files\Java
2012-04-03 17:43 - 2009-07-13 20:45 - 0429416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-02 18:35 - 2012-04-02 18:35 - 0247247 ____A C:\Users\ajpro\Desktop\Walmart.xps
2012-04-01 23:55 - 2012-04-01 20:03 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 23:55 - 2012-04-01 19:03 - 0000000 ____D C:\Windows\pss
2012-04-01 23:55 - 2012-03-25 09:42 - 0000000 ____D C:\Program Files (x86)\stinger
2012-04-01 23:53 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-01 20:03 - 2012-04-01 20:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-01 19:46 - 2012-04-01 19:44 - 0079928 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.44.12_log.txt
2012-04-01 19:43 - 2012-04-01 19:43 - 1954684 ____A C:\Users\ajpro\Desktop\tdsskiller.zip
2012-04-01 19:43 - 2012-04-01 19:43 - 0000346 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.43.42_log.txt
2012-04-01 18:53 - 2012-04-01 18:39 - 0000039 ___RH C:\Users\ajpro\Desktop\stinger.opt
2012-04-01 11:54 - 2011-01-12 19:23 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-01 11:54 - 2011-01-12 19:23 - 0000000 ____D C:\ProgramData\McAfee
2012-03-30 22:49 - 2012-03-25 15:32 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\SUPERAntiSpyware.com
2012-03-30 22:48 - 2012-03-28 19:34 - 0000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-03-30 22:45 - 2009-11-19 15:24 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-30 22:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-30 22:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-03-30 22:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-03-30 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-03-30 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-03-30 22:41 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-30 22:41 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-30 22:41 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-03-30 22:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-30 22:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-03-30 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-03-30 22:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-30 21:40 - 2006-11-02 04:34 - 0000251 ____A C:\Windows\win.ini
2012-03-30 21:38 - 2012-03-30 21:36 - 0000000 ____D C:\Program Files\McAfee
2012-03-30 21:37 - 2012-03-30 21:37 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-03-30 21:37 - 2012-03-28 18:47 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-03-30 21:37 - 2011-01-12 19:24 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-30 21:36 - 2012-03-30 21:36 - 0000000 ____D C:\Program Files\McAfee.com
2012-03-30 21:08 - 2012-03-30 21:08 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 21:05 - 2012-03-25 11:05 - 0000428 ____A C:\rkill.log
2012-03-30 20:57 - 2012-03-25 21:13 - 0000000 ____D C:\Users\ajpro\Desktop\Chameleon
2012-03-30 20:57 - 2012-03-25 17:50 - 0000000 ____D C:\Program Files (x86)\iolo
2012-03-30 20:57 - 2012-03-25 17:37 - 0000000 ____D C:\Users\All Users\iolo
2012-03-30 20:57 - 2012-03-25 17:37 - 0000000 ____D C:\ProgramData\iolo
2012-03-30 20:57 - 2012-03-25 15:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-30 20:57 - 2012-03-25 14:59 - 0000000 ____D C:\Program Files (x86)\SpeedMaxPc
2012-03-30 20:57 - 2011-07-14 07:08 - 0000000 ____D C:\Windows\en
2012-03-30 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-30 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-03-30 20:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-30 20:57 - 2009-04-08 00:43 - 0000000 ____D C:\Windows\Downloaded Installations
2012-03-30 20:56 - 2012-01-08 08:34 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-30 20:56 - 2009-12-03 22:18 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-03-30 20:56 - 2009-08-29 15:15 - 0000000 ____D C:\Windows\SysWOW64\summerflowers_3138426 dir
2012-03-30 20:56 - 2009-08-03 18:07 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-30 20:56 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-03-30 20:56 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-03-30 20:56 - 2009-05-06 19:15 - 0000000 ____D C:\Windows\JMCR_DIR
2012-03-30 20:56 - 2009-05-06 19:14 - 0000000 ____D C:\Windows\SysWOW64\HPMDP
2012-03-30 20:56 - 2009-05-06 19:09 - 0000000 ____D C:\Windows\System32\nn-NO
2012-03-30 20:26 - 2012-03-30 20:26 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 20:26 - 2012-03-30 20:26 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-28 19:37 - 2012-03-28 18:49 - 0000000 ____D C:\Users\ajpro\AppData\Local\McAfee Anti-Theft
2012-03-28 19:24 - 2012-03-28 19:25 - 0259384 ____A C:\Users\ajpro\Desktop\IMG_4662_2012-03-20_2012-03-20.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0253617 ____A C:\Users\ajpro\Desktop\IMG_4671_2012-03-20_2012-03-20.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0214266 ____A C:\Users\ajpro\Desktop\IMG_4654_2012-03-19_2012-03-19.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0200904 ____A C:\Users\ajpro\Desktop\IMG_4656_2012-03-19_2012-03-19.jpg
2012-03-26 15:29 - 2011-12-07 19:08 - 0000000 ____D C:\Users\ajpro\Desktop\backup
2012-03-26 15:28 - 2012-03-25 14:59 - 0000000 ____D C:\Users\All Users\SpeedMaxPc
2012-03-26 15:28 - 2012-03-25 14:59 - 0000000 ____D C:\ProgramData\SpeedMaxPc
2012-03-25 21:25 - 2012-03-25 21:23 - 0004444 ____A C:\ioloUpdate.log
2012-03-25 21:22 - 2012-03-25 21:22 - 0000000 ____D C:\iolo
2012-03-25 21:14 - 2012-03-25 21:14 - 0029808 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-03-25 17:51 - 2012-03-25 17:51 - 0000230 ____A C:\Windows\Tasks\SidebarExecute.job
2012-03-25 17:42 - 2012-03-25 17:42 - 0074703 ____A C:\Windows\SysWOW64\mfc45.dll
2012-03-25 17:37 - 2012-03-25 17:37 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\iolo
2012-03-25 15:31 - 2012-03-25 15:31 - 15540296 ____A (SUPERAntiSpyware.com) C:\Users\ajpro\Desktop\SUPERAntiSpyware.com
2012-03-25 15:04 - 2012-03-25 15:04 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\ajpro\Desktop\mbb.exe
2012-03-25 14:59 - 2012-03-25 14:59 - 0000422 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000416 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000400 ____A C:\Windows\Tasks\SpeedMaxPc.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\SpeedMaxPc
2012-03-25 14:59 - 2012-03-25 14:59 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\DriverCure
2012-03-25 11:13 - 2012-03-25 11:09 - 0130808 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_14.09.11_log.txt
2012-03-25 11:12 - 2012-03-25 11:12 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-25 10:21 - 2012-03-25 10:21 - 0000031 ____A C:\Users\ajpro\Documents\reference number.txt
2012-03-25 09:53 - 2012-03-25 09:53 - 9273408 ____A (McAfee Inc.) C:\Users\ajpro\Desktop\stinger.exe
2012-03-25 05:12 - 2012-03-25 05:12 - 0065536 __ASH C:\Windows\System32\config\components{e5ffe198-763d-11e1-80e4-00235a9df105}.TxR.blf
2012-03-24 22:17 - 2006-11-02 04:34 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-03-24 21:50 - 2012-03-24 21:50 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-24 16:30 - 2012-03-24 16:30 - 0743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-24 16:04 - 2011-01-13 16:24 - 0000000 ____D C:\Users\ajpro\Desktop\Microsoft Office
2012-03-24 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-24 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-24 16:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-03-24 15:59 - 2009-07-19 19:56 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\CyberLink
2012-03-24 15:59 - 1999-03-30 10:17 - 0000000 ___HD C:\System.sav
2012-03-24 15:58 - 2012-03-08 19:02 - 0000000 ____D C:\Program Files\HTC
2012-03-24 15:58 - 2009-12-03 22:18 - 0000000 ____D C:\Program Files\IDT
2012-03-24 15:58 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-24 15:58 - 2009-04-08 00:47 - 0000000 ____D C:\Users\All Users\CyberLink
2012-03-24 15:58 - 2009-04-08 00:47 - 0000000 ____D C:\ProgramData\CyberLink
2012-03-24 15:58 - 2009-04-08 00:42 - 0000000 ____D C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2012-03-24 15:58 - 2009-04-08 00:42 - 0000000 ____D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2012-03-24 15:58 - 2009-04-08 00:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-24 15:58 - 2009-04-08 00:39 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-24 15:58 - 2009-04-08 00:08 - 0000000 ____D C:\Users\All Users\WildTangent
2012-03-24 15:58 - 2009-04-08 00:08 - 0000000 ____D C:\ProgramData\WildTangent
2012-03-24 15:57 - 2011-01-12 20:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-24 15:57 - 2011-01-12 20:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-24 15:57 - 2009-08-09 14:49 - 0000000 ____D C:\Program Files (x86)\PIXresizer
2012-03-24 15:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-24 15:57 - 2009-04-08 01:13 - 0000000 ____D C:\Program Files (x86)\SMINST
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\NetZeroPreloader
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\JunoPreloader
2012-03-24 15:57 - 2009-04-08 00:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-24 15:57 - 2009-04-08 00:08 - 0000000 ____D C:\Program Files (x86)\HP Games
2012-03-24 15:57 - 2009-04-07 23:39 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-24 15:56 - 2009-04-08 00:47 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-03-24 15:55 - 2012-03-21 16:16 - 0000000 ____D C:\8f8188d5bbc8515eb11cb55adba22a24
2012-03-24 15:55 - 2012-03-20 20:27 - 0000000 ____D C:\68c6be241ccc820156
2012-03-24 15:55 - 2011-09-28 20:09 - 0000000 ____D C:\cd91c6e3845ab9673b84e3189c5c
2012-03-24 15:55 - 2011-08-14 20:06 - 0000000 ____D C:\8d28baf2a8c3a133d8591b266f44
2012-03-24 15:55 - 2010-09-19 19:33 - 0000000 ____D C:\9631592c33c18d7437159acccc0ab8
2012-03-24 15:55 - 2010-06-01 17:56 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-03-24 15:55 - 2010-02-09 21:39 - 0000000 ____D C:\716f8851aab248b39f51
2012-03-24 15:55 - 2009-07-19 20:32 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-24 15:55 - 2009-05-06 19:09 - 0000000 ____D C:\Program Files (x86)\Atheros
2012-03-24 15:55 - 2009-04-08 00:42 - 0000000 ____D C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2012-03-24 15:55 - 2009-04-07 23:01 - 0000000 ___HD C:\HP
2012-03-24 15:29 - 2011-07-18 06:56 - 0000000 ____D C:\Users\Public\CyberLink
2012-03-24 15:29 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-24 15:28 - 2011-06-25 19:56 - 0000000 ____D C:\Users\ajpro\AppData\Local\Sony Corporation
2012-03-24 15:28 - 2011-05-03 18:36 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Research In Motion
2012-03-24 15:28 - 2009-07-19 20:50 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Macromedia
2012-03-24 15:28 - 2009-07-19 20:50 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Adobe
2012-03-24 15:28 - 2009-07-19 20:31 - 0000000 ____D C:\Users\ajpro\AppData\LocalLow
2012-03-24 15:27 - 2010-01-19 15:26 - 0000000 ____D C:\Users\ajpro\AppData\Local\Downloaded Installations
2012-03-24 15:27 - 2009-07-24 07:12 - 0000000 ____D C:\Users\ajpro\AppData\Local\Microsoft Games
2012-03-24 15:27 - 2009-07-19 20:40 - 0000000 ____D C:\Users\ajpro\AppData\Local\Hewlett-Packard
2012-03-24 15:27 - 2009-07-19 19:40 - 0000000 ____D C:\Users\ajpro\AppData\Local\Google
2012-03-24 15:27 - 2008-06-09 05:44 - 0000000 ____D C:\SwSetup
2012-03-24 15:25 - 2010-01-19 15:26 - 0000000 ____D C:\Users\All Users\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-03-24 15:25 - 2010-01-19 15:26 - 0000000 ____D C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-03-24 15:22 - 2009-12-31 23:27 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-24 15:22 - 2009-12-31 23:27 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-24 15:22 - 2009-07-19 19:40 - 0000000 ____D C:\Users\All Users\Google
2012-03-24 15:22 - 2009-07-19 19:40 - 0000000 ____D C:\ProgramData\Google
2012-03-24 15:22 - 2009-04-08 00:46 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-24 15:22 - 2009-04-08 00:46 - 0000000 ____D C:\ProgramData\Adobe
2012-03-24 15:22 - 2009-04-07 23:40 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-03-24 15:22 - 2009-04-07 23:40 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-03-24 15:21 - 2011-03-27 14:42 - 0000000 ____D C:\Program Files\Windows Live
2012-03-24 15:21 - 2010-03-25 17:19 - 0000000 ____D C:\Program Files\Synaptics
2012-03-24 15:21 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-03-24 15:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-03-24 15:21 - 2009-04-08 00:39 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-24 15:20 - 2009-08-26 10:06 - 0000000 ____D C:\Program Files\Google
2012-03-24 15:20 - 2009-07-19 18:36 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-24 15:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-24 15:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-24 15:20 - 2009-05-06 19:10 - 0000000 ____D C:\Program Files\ATI
2012-03-24 15:20 - 2009-04-08 01:06 - 0000000 ____D C:\Program Files\AWS
2012-03-24 15:20 - 2009-04-07 23:13 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-03-24 15:19 - 2011-06-25 19:55 - 0000000 ____D C:\Program Files (x86)\Sony
2012-03-24 15:19 - 2011-05-03 18:34 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-03-24 15:19 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-24 15:19 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-24 15:19 - 2009-05-06 20:35 - 0000000 ____D C:\Program Files (x86)\muvee Technologies
2012-03-24 15:19 - 2009-05-06 19:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-24 15:19 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\MSN
2012-03-24 15:19 - 2009-04-08 00:43 - 0000000 ____D C:\Program Files (x86)\Sling Media
2012-03-24 15:19 - 2009-04-08 00:08 - 0000000 ___RD C:\Program Files (x86)\Online Services
2012-03-24 15:18 - 2011-01-12 20:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-03-24 15:18 - 2011-01-12 20:55 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-24 15:17 - 2011-01-12 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-03-24 15:17 - 2009-04-08 01:06 - 0000000 ____D C:\Program Files (x86)\Java
2012-03-24 15:17 - 2009-04-08 00:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-24 15:16 - 2012-03-08 19:01 - 0000000 ____D C:\Program Files (x86)\HTC
2012-03-24 15:16 - 2009-04-08 01:17 - 0000000 ____D C:\Program Files (x86)\Hp
2012-03-24 15:14 - 2009-04-07 23:13 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-24 15:13 - 2009-07-19 19:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-24 15:12 - 2011-03-05 08:38 - 0000000 ____D C:\Program Files (x86)\EPSON Projector
2012-03-24 15:09 - 2010-01-17 21:51 - 0000000 ____D C:\Program Files (x86)\Bash Software
2012-03-24 15:09 - 2009-05-06 19:10 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-03-24 15:09 - 2009-05-06 19:09 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-03-24 15:08 - 2009-04-08 00:46 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-24 14:59 - 2009-07-13 23:44 - 0000000 __RHD C:\Users\Public\Recorded TV
2012-03-24 14:51 - 2012-03-24 10:02 - 0000000 ____D C:\Program Files (x86)\RegInOut
2012-03-24 14:26 - 2009-12-31 23:27 - 0000000 ___HD C:\Users\ajpro\AppData\Roaming\Malwarebytes
2012-03-24 10:03 - 2012-03-24 10:03 - 0000000 ____D C:\Users\All Users\RegInOut
2012-03-24 10:03 - 2012-03-24 10:03 - 0000000 ____D C:\ProgramData\RegInOut
2012-03-24 09:49 - 2012-03-24 08:41 - 0000000 ____D C:\Users\ajpro\AppData\Local\ElevatedDiagnostics
2012-03-24 09:37 - 2012-03-24 09:37 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-03-23 17:37 - 2012-03-23 17:37 - 0000000 ____D C:\Windows\system64
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\Users\All Users\hGR878u0.exe_.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\Users\All Users\hGR878u0.exe.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\ProgramData\hGR878u0.exe_.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\ProgramData\hGR878u0.exe.b
2012-03-22 17:48 - 2012-03-20 15:27 - 0000112 ___AH C:\Users\All Users\wm03D7ol2.dat
2012-03-22 17:48 - 2012-03-20 15:27 - 0000112 ___AH C:\ProgramData\wm03D7ol2.dat
2012-03-21 19:22 - 2011-12-16 20:06 - 0000000 ___HD C:\Users\ajpro\Documents\Uppercase Living
2012-03-19 18:51 - 2012-03-19 18:51 - 0000000 ___HD C:\Windows\Sun
2012-03-17 19:40 - 2012-03-17 19:40 - 0001404 ___AH C:\Users\ajpro\Downloads\163_uwguidelines.htm
2012-03-17 17:58 - 2012-03-17 17:58 - 0191892 ____A C:\Users\ajpro\Desktop\My%20F150.jpg
2012-03-17 17:57 - 2012-03-17 17:57 - 0073911 ____A C:\Users\ajpro\Desktop\frontdriversidefront.jpg
2012-03-17 17:53 - 2012-03-17 17:53 - 0256809 ____A C:\Users\ajpro\Desktop\IMG_0308.jpg
2012-03-17 17:51 - 2012-03-17 17:51 - 0128475 ____A C:\Users\ajpro\Desktop\IMG_1055.jpg
2012-03-17 17:51 - 2012-03-17 17:51 - 0122617 ____A C:\Users\ajpro\Desktop\IMG_1031.jpg
2012-03-17 10:18 - 2012-03-17 10:18 - 0224333 ___AH C:\Users\ajpro\Documents\Kohls March.xps
2012-03-17 08:41 - 2012-03-17 08:41 - 0153908 ____A C:\Users\ajpro\Desktop\image-2301790277.jpg
2012-03-17 08:37 - 2012-03-17 08:37 - 0241779 ____A C:\Users\ajpro\Desktop\dsc0126fm.jpg
2012-03-17 08:30 - 2012-03-17 08:31 - 0097648 ____A C:\Users\ajpro\Desktop\newtruck2.jpg
2012-03-14 20:25 - 2012-03-14 20:26 - 0145600 ____A C:\Users\ajpro\Desktop\image-3173331021.jpg
2012-03-14 20:22 - 2012-03-14 20:22 - 0141575 ____A C:\Users\ajpro\Desktop\photo.jpg
2012-03-14 20:18 - 2012-03-14 20:19 - 0296552 ____A C:\Users\ajpro\Desktop\IMG_0095.jpg
2012-03-08 19:11 - 2011-06-30 18:05 - 0000308 ___AH C:\Users\ajpro\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ___HD C:\Users\ajpro\AppData\Roaming\InstallShield
2012-03-07 18:06 - 2012-03-07 18:06 - 0261075 ___AH C:\Users\ajpro\Documents\Verizon.xps
2012-03-05 19:17 - 2012-03-05 19:17 - 0963779 ____A C:\Users\ajpro\Desktop\2012 F150 Order Guide.pdf
2012-03-05 16:56 - 2012-03-05 16:56 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{D16C9695-033D-4D60-BED7-A7E481F0B634}
2012-03-05 16:56 - 2012-03-05 16:56 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{0C111A7B-493F-4222-BCFA-C3720789A509}
2012-03-05 16:56 - 2010-12-04 14:25 - 0000000 ___HD C:\Users\ajpro\AppData\Local\Windows Live
2012-03-04 18:39 - 2012-03-04 18:39 - 0114748 ____A C:\Users\ajpro\Desktop\$(KGrHqJ,!gwE8NWumGjnBPRY(j!CeQ~~_4.jpg
2012-03-04 14:19 - 2012-04-02 15:05 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-28 18:50 - 2012-02-28 18:50 - 0220351 ___AH C:\Users\ajpro\Documents\Pampered Chef.xps
2012-02-25 21:00 - 2012-02-25 21:00 - 0286095 ___AH C:\Users\ajpro\Documents\Walmart.xps
2012-02-25 20:41 - 2012-02-25 20:41 - 0039432 ___AH C:\Users\ajpro\Downloads\downsized950221121940.jpg
2012-02-25 20:37 - 2012-02-25 20:37 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{DB65375C-F897-4C32-B8CA-2514F2C9EFF6}
2012-02-25 20:37 - 2012-02-25 20:37 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{9C83AB62-EC11-42CE-A240-C40DB0A984AD}
2012-02-21 19:13 - 2009-07-13 21:08 - 0032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-19 15:30 - 2012-02-19 15:30 - 0179137 ___AH C:\Users\ajpro\Documents\UL free items.docx
2012-02-17 15:38 - 2009-07-19 20:40 - 0000174 __ASH C:\Users\ajpro\Start Menu\Programs\Startup\desktop.ini
2012-02-17 15:38 - 2009-07-19 20:40 - 0000174 __ASH C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 22:38 - 2012-04-02 15:13 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-04-02 15:13 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-04-02 15:13 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-04-02 15:13 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:00 - 2012-02-16 16:00 - 0211303 ___AH C:\Users\ajpro\Documents\Kohls Feb.xps
2012-02-09 22:36 - 2012-04-02 15:14 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-04-02 15:14 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-04-02 15:14 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 18:44 - 2012-02-01 18:44 - 0000404 ___AH C:\Users\ajpro\Documents\petco.txt
2012-01-29 10:56 - 2012-01-29 10:56 - 0013369 ___AH C:\Users\ajpro\Documents\Sign up for updates.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3837.83 MB
Available physical RAM: 3233.52 MB
Total Pagefile: 3835.98 MB
Available Pagefile: 3216.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.04 GB) (Free:208.15 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Disk 1 Online 1901 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 284 GB 1024 KB
Partition 2 Primary 14 GB 284 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1901 MB 8 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1901 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-12-09 16:34

======================= End Of Log ==========================

#6 Noviciate


Posted 28 April 2012 - 02:51 PM

Good evening. :)

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

SubSystems: [Windows] ==> ZeroAccess
2 winvnc4; C:\Windows\System32\belmonitorservice.dll [6656 2009-07-13] (Oak Technology Inc.)
NETSVC: winvnc4
C:\Windows\System32\belmonitorservice.dll

Save the file to your flashdrive as fixlist.txt
Enter the System Recovery Options as before, run FRST64 and click the Fix button just once and wait.
Once the tool has completed it will save a log on the flashdrive called Fixlog.txt - I'd like you to post the contents in your next reply.

So long, and thanks for all the fish.

 

 


#7 Jpro0001


Posted 28 April 2012 - 03:56 PM

Thanks for your help so far!

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 2012-04-28 15:48:40 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored.
winvnc4 service not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs winvnc4 not found.
C:\Windows\System32\belmonitorservice.dll not found.

==== End of Fixlog ====

#8 Noviciate


Posted 28 April 2012 - 05:17 PM

Does your anti-virus still detect the naughty file?

So long, and thanks for all the fish.

 

 


#9 Jpro0001


Posted 29 April 2012 - 12:11 AM

I ran a full scan and it found quite a few files that it was either unable to delete or quarantined. The consrv.dll file is still there. I rebooted after the scan and it would not boot up properly, and in order to get back I had to do a system restore. I wrote down the names of the files in case that would help.

ATIVTUTW.dll Quarantined
btkrnl.dll Quarantined
consrv.dll Quarantined
hsf_dpv.dll Quarantined
MegaSR.dll Quarantined
npkcsvc.dll Quarantined
nocashio.dll Quarantined
winachsf.dll Quarantined
w550bus.dll Quarantined
ppmoucls.dll Will be scanned after PC restart
Desktop.ini Unable to delete
Desktop.ini Unable to delete
winachsf.dll Unable to delete
w550bus.dll unable to delete
slap-data52.dll unable to delete
ppmoucls.dll unable to delete
npkcsvc.dll unable to delete
nocashio.dll unable to delete
msk80service.dll unable to delete
MegaSR.dll unable to delete
hsf_dpv.dll unable to delete

#10 Noviciate


Posted 29 April 2012 - 02:18 PM

Good evening. :)

Grand job. Will you run FRST again and let it scan your system as before - I'd like to see whether or not the entries that were in the first log, but couldn't be found, are still present.

So long, and thanks for all the fish.

 

 


#11 Jpro0001


Posted 29 April 2012 - 03:14 PM

Here is the log as requested.


Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 29-04-2012 14:53:21
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-27] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [210216 2009-01-21] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT [329632 2009-04-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [434360 2010-10-12] (iolo technologies, LLC)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKU\ajpro\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\ajpro\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer\Run: [53668] C:\PROGRA~3\LOCALS~1\Temp\mshgda.cmd
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-21] (Adobe Systems Incorporated)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-05-05] (WildTangent, Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2010-02-26] (Hewlett-Packard Company)
2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-10-12] (iolo technologies, LLC)
2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-10-12] (iolo technologies, LLC)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2011-10-18] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-12-06] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-12-06] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-12-06] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-02] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-11-26] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-11-26] ()
2 HP Health Check Service; "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

0 85062258; C:\Windows\System32\Drivers\85062258.sys [460888 2012-04-22] (Kaspersky Lab ZAO)
3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2010-02-26] (Hewlett-Packard Company)
0 AtiPcie; C:\Windows\System32\Drivers\AtiPcie.sys [16400 2008-04-27] (ATI Technologies Inc.)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2010-02-26] (Hewlett-Packard Company)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [156688 2009-06-15] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [26640 2009-05-15] (Kaspersky Lab)
3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [29808 2012-03-25] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [184832 2008-11-10] (Realtek Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: penclass
NETSVC: k750bus
NETSVC: symantecantibotdriver
NETSVC: websenseclientdeployservice
NETSVC: prodrv06
NETSVC: DcPTP
NETSVC: risdptsk
NETSVC: stunnel
NETSVC: UNDPX2A
NETSVC: tfsndres
NETSVC: ShockMgr

============ One Month Created Files and Folders ==============

2012-04-28 13:37 - 2011-02-07 10:56 - 0374919 ____A C:\Users\ajpro\Documents\My UL order.xps
2012-04-28 09:13 - 2012-04-19 17:06 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Desktop\jre-6u31-windows-x64.exe
2012-04-28 09:11 - 2011-04-04 17:18 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64 (1).exe
2012-04-27 14:22 - 2007-11-07 05:00 - 0000000 ____D C:\FRST
2012-04-27 10:19 - 2012-03-25 15:31 - 0000000 ____D C:\Users\ajpro\Desktop\Taylor
2012-04-27 09:29 - 2012-03-30 20:57 - 0028937 ____A C:\Users\ajpro\Desktop\DDS.txt
2012-04-27 09:29 - 2012-03-05 19:17 - 0022656 ____A C:\Users\ajpro\Desktop\Attach.txt
2012-04-27 09:03 - 2012-04-16 19:34 - 0057814 ____A C:\Users\ajpro\Desktop\Extras.Txt
2012-04-27 09:02 - 2012-04-16 19:34 - 0116510 ____A C:\Users\ajpro\Desktop\OTL.Txt
2012-04-23 19:10 - 2012-04-28 09:11 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64.exe
2012-04-23 18:58 - 2012-04-28 18:00 - 0000000 ____A C:\Windows\setuperr.log
2012-04-23 18:58 - 2012-03-30 22:41 - 0001078 ____A C:\Windows\PFRO.log
2012-04-23 18:58 - 2012-03-30 20:56 - 0028900 ____A C:\Windows\setupact.log
2012-04-22 18:57 - 2009-07-13 17:39 - 0071900 ____A C:\Windows\ntbtlog.txt
2012-04-21 22:11 - 2012-02-17 15:38 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:11 - 2012-02-17 15:38 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:08 - 2010-11-20 02:44 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\85062258.sys
2012-04-21 21:13 - 2009-08-09 14:49 - 132113152 ____A C:\Users\ajpro\Desktop\setup_11.0.0.1245.x01_2012_04_22_07_33.exe
2012-04-21 14:55 - 2012-04-21 14:55 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-21 14:43 - 2011-07-15 22:00 - 0497909 ____A C:\Users\ajpro\Documents\XM Radio pymt.xps
2012-04-21 10:50 - 2012-03-30 20:57 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-04-21 10:50 - 2012-03-30 20:57 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-04-21 09:18 - 2012-04-23 19:10 - 2053340 ____A C:\Users\ajpro\Downloads\tdsskiller.zip
2012-04-21 09:17 - 2012-04-21 09:16 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.17.57_log.txt
2012-04-21 09:15 - 2012-04-01 19:46 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.15.48_log.txt
2012-04-19 17:06 - 2012-03-28 19:24 - 0047655 ____A C:\Users\ajpro\Desktop\jason truck order.pdf
2012-04-16 19:34 - 2012-03-17 08:30 - 1306022 ____A C:\Users\ajpro\Desktop\odometer.jpg
2012-04-16 19:34 - 2011-10-15 14:44 - 1539408 ____A C:\Users\ajpro\Desktop\escape side.jpg
2012-04-16 18:33 - 2009-12-11 08:41 - 0282938 ____A C:\Users\ajpro\Documents\I Keating.xps
2012-04-16 18:22 - 2012-03-17 10:18 - 0225382 ____A C:\Users\ajpro\Documents\Kohls.xps
2012-04-08 19:23 - 2012-03-04 18:39 - 0000000 ____D C:\Users\ajpro\Desktop\2012
2012-04-08 07:32 - 2012-03-24 16:02 - 0000000 ____D C:\Program Files\Java
2012-04-02 18:35 - 2012-04-01 19:43 - 0247247 ____A C:\Users\ajpro\Desktop\Walmart.xps
2012-04-02 15:14 - 2012-02-16 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-02 15:14 - 2010-11-20 05:27 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-02 15:14 - 2010-11-20 05:26 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-02 15:14 - 2010-11-20 04:18 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-02 15:14 - 2009-07-13 17:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-02 15:14 - 2009-07-13 17:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-02 15:13 - 2010-11-20 05:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-02 15:13 - 2010-11-20 04:21 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-02 15:13 - 2009-07-13 16:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-02 15:13 - 2009-07-13 16:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-02 15:05 - 2009-07-13 17:39 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-01 20:03 - 2012-03-24 15:21 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 20:03 - 2012-03-24 15:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-01 19:44 - 2012-04-01 19:43 - 0079928 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.44.12_log.txt
2012-04-01 19:43 - 2012-04-27 10:19 - 0000000 ____D C:\Users\ajpro\Desktop\tdsskiller
2012-04-01 19:43 - 2012-04-21 17:20 - 1954684 ____A C:\Users\ajpro\Desktop\tdsskiller.zip
2012-04-01 19:43 - 2012-03-24 15:59 - 0000346 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.43.42_log.txt
2012-04-01 19:03 - 2012-02-16 15:57 - 0000000 ____D C:\Windows\pss
2012-04-01 18:39 - 2012-03-25 09:53 - 0000039 ___RH C:\Users\ajpro\Desktop\stinger.opt
2012-03-30 21:40 - 2012-03-30 21:08 - 0001828 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-03-30 21:39 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 21:39 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-30 21:39 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 21:38 - 2011-03-16 14:38 - 0000000 __RSD C:\Users\ajpro\Documents\McAfee Vaults
2012-03-30 21:38 - 2009-07-13 16:01 - 0071800 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2012-03-30 21:37 - 2012-03-30 22:48 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-03-30 21:36 - 2012-04-08 07:32 - 0000000 ____D C:\Program Files\McAfee
2012-03-30 21:36 - 2012-03-30 21:38 - 0000000 ____D C:\Program Files\McAfee.com
2012-03-30 21:36 - 2011-10-15 09:16 - 0647080 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0481768 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0284648 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0075808 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-03-30 21:36 - 2011-10-15 09:16 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-03-30 21:36 - 2010-11-20 01:19 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-03-30 21:36 - 2009-07-13 17:48 - 0160280 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-03-30 21:08 - 2009-07-24 20:10 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 20:26 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 20:26 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com


============ 3 Months Modified Files and Folders =============

2012-04-29 14:53 - 2012-04-27 14:22 - 0000000 ____D C:\FRST
2012-04-29 11:50 - 2012-03-25 09:12 - 0729714 ____A C:\Windows\WindowsUpdate.log
2012-04-29 11:50 - 2009-12-04 06:48 - 0143284 ____A C:\Users\All Users\HPWALog.txt
2012-04-29 11:50 - 2009-12-04 06:48 - 0143284 ____A C:\ProgramData\HPWALog.txt
2012-04-29 11:49 - 2012-04-22 18:57 - 0071900 ____A C:\Windows\ntbtlog.txt
2012-04-29 11:10 - 2009-11-08 17:13 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-29 10:55 - 2012-03-30 21:39 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-28 21:10 - 2009-11-08 17:13 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-28 21:02 - 2012-04-28 21:02 - 0000634 ____A C:\Users\ajpro\Desktop\Mcafee files not fixed.txt
2012-04-28 20:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-28 20:55 - 2009-04-08 00:37 - 0000000 __RHD C:\MSOCache
2012-04-28 18:08 - 2009-12-03 22:17 - 0011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-28 18:08 - 2009-12-03 22:17 - 0011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-28 18:06 - 2012-03-30 21:40 - 0001828 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-04-28 18:01 - 2012-03-30 21:38 - 0000000 __RSD C:\Users\ajpro\Documents\McAfee Vaults
2012-04-28 18:01 - 2012-03-25 11:15 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-28 18:00 - 2012-04-23 18:58 - 0028900 ____A C:\Windows\setupact.log
2012-04-28 18:00 - 2009-12-03 22:22 - 0000000 ____D C:\users\ajpro
2012-04-28 18:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-28 17:59 - 2009-12-03 23:23 - 3018190848 __ASH C:\hiberfil.sys
2012-04-28 17:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-28 13:37 - 2012-04-28 13:37 - 0374919 ____A C:\Users\ajpro\Documents\My UL order.xps
2012-04-28 09:13 - 2012-04-28 09:13 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Desktop\jre-6u31-windows-x64.exe
2012-04-28 09:11 - 2012-04-28 09:11 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64 (1).exe
2012-04-28 08:23 - 2012-04-23 18:58 - 0001078 ____A C:\Windows\PFRO.log
2012-04-27 10:19 - 2012-04-27 10:19 - 0000000 ____D C:\Users\ajpro\Desktop\Taylor
2012-04-27 09:29 - 2012-04-27 09:29 - 0028937 ____A C:\Users\ajpro\Desktop\DDS.txt
2012-04-27 09:29 - 2012-04-27 09:29 - 0022656 ____A C:\Users\ajpro\Desktop\Attach.txt
2012-04-27 09:03 - 2012-04-27 09:03 - 0057814 ____A C:\Users\ajpro\Desktop\Extras.Txt
2012-04-27 09:02 - 2012-04-27 09:02 - 0116510 ____A C:\Users\ajpro\Desktop\OTL.Txt
2012-04-23 19:10 - 2012-04-23 19:10 - 17255712 ____A (Sun Microsystems, Inc.) C:\Users\ajpro\Downloads\jre-6u31-windows-x64.exe
2012-04-23 18:58 - 2012-04-23 18:58 - 0000000 ____A C:\Windows\setuperr.log
2012-04-22 04:33 - 2012-04-21 22:08 - 0460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\85062258.sys
2012-04-21 22:11 - 2012-04-21 22:11 - 0000972 ____A C:\Users\ajpro\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 22:11 - 2012-04-21 22:11 - 0000972 ____A C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97591721.lnk
2012-04-21 21:15 - 2012-04-21 21:13 - 132113152 ____A C:\Users\ajpro\Desktop\setup_11.0.0.1245.x01_2012_04_22_07_33.exe
2012-04-21 17:20 - 2012-04-01 19:43 - 0000000 ____D C:\Users\ajpro\Desktop\tdsskiller
2012-04-21 17:20 - 2010-06-01 17:51 - 0000000 ____D C:\Program Files\DivX
2012-04-21 17:20 - 2010-06-01 17:48 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-21 17:20 - 2010-06-01 17:46 - 0000000 ____D C:\Users\All Users\DivX
2012-04-21 17:20 - 2010-06-01 17:46 - 0000000 ____D C:\ProgramData\DivX
2012-04-21 17:20 - 2009-12-31 23:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-21 17:20 - 2009-07-21 16:48 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-04-21 17:19 - 2009-04-08 00:06 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-21 17:18 - 2012-03-30 21:39 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-21 15:11 - 2011-12-18 11:39 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-21 14:55 - 2012-04-21 14:55 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-21 14:55 - 2012-03-30 21:39 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-21 14:55 - 2011-08-22 13:06 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-21 14:43 - 2012-04-21 14:43 - 0497909 ____A C:\Users\ajpro\Documents\XM Radio pymt.xps
2012-04-21 10:50 - 2012-04-21 10:50 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-04-21 10:50 - 2012-04-21 10:50 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-04-21 09:20 - 2012-04-21 09:18 - 2053340 ____A C:\Users\ajpro\Downloads\tdsskiller.zip
2012-04-21 09:18 - 2012-04-21 09:17 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.17.57_log.txt
2012-04-21 09:16 - 2012-04-21 09:15 - 0000346 ____A C:\TDSSKiller.2.7.2.0_21.04.2012_12.15.48_log.txt
2012-04-19 17:06 - 2012-04-19 17:06 - 0047655 ____A C:\Users\ajpro\Desktop\jason truck order.pdf
2012-04-16 19:34 - 2012-04-16 19:34 - 1539408 ____A C:\Users\ajpro\Desktop\escape side.jpg
2012-04-16 19:34 - 2012-04-16 19:34 - 1306022 ____A C:\Users\ajpro\Desktop\odometer.jpg
2012-04-16 18:33 - 2012-04-16 18:33 - 0282938 ____A C:\Users\ajpro\Documents\I Keating.xps
2012-04-16 18:22 - 2012-04-16 18:22 - 0225382 ____A C:\Users\ajpro\Documents\Kohls.xps
2012-04-08 19:26 - 2012-04-08 19:23 - 0000000 ____D C:\Users\ajpro\Desktop\2012
2012-04-08 07:32 - 2012-04-08 07:32 - 0000000 ____D C:\Program Files\Java
2012-04-03 17:43 - 2009-07-13 20:45 - 0429416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-02 18:35 - 2012-04-02 18:35 - 0247247 ____A C:\Users\ajpro\Desktop\Walmart.xps
2012-04-01 23:55 - 2012-04-01 20:03 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-01 23:55 - 2012-04-01 19:03 - 0000000 ____D C:\Windows\pss
2012-04-01 23:55 - 2012-03-25 09:42 - 0000000 ____D C:\Program Files (x86)\stinger
2012-04-01 23:53 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-01 20:03 - 2012-04-01 20:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-01 19:46 - 2012-04-01 19:44 - 0079928 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.44.12_log.txt
2012-04-01 19:43 - 2012-04-01 19:43 - 1954684 ____A C:\Users\ajpro\Desktop\tdsskiller.zip
2012-04-01 19:43 - 2012-04-01 19:43 - 0000346 ____A C:\TDSSKiller.2.7.2.0_01.04.2012_22.43.42_log.txt
2012-04-01 18:53 - 2012-04-01 18:39 - 0000039 ___RH C:\Users\ajpro\Desktop\stinger.opt
2012-04-01 11:54 - 2011-01-12 19:23 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-01 11:54 - 2011-01-12 19:23 - 0000000 ____D C:\ProgramData\McAfee
2012-03-30 22:49 - 2012-03-25 15:32 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\SUPERAntiSpyware.com
2012-03-30 22:48 - 2012-03-28 19:34 - 0000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-03-30 22:45 - 2009-11-19 15:24 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-30 22:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-30 22:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-30 22:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-30 22:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-03-30 22:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-03-30 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-03-30 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-03-30 22:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-03-30 22:41 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-30 22:41 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-30 22:41 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-30 22:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-03-30 22:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-30 22:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-03-30 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-03-30 22:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-30 21:40 - 2006-11-02 04:34 - 0000251 ____A C:\Windows\win.ini
2012-03-30 21:38 - 2012-03-30 21:36 - 0000000 ____D C:\Program Files\McAfee
2012-03-30 21:37 - 2012-03-30 21:37 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-03-30 21:37 - 2012-03-28 18:47 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-03-30 21:37 - 2011-01-12 19:24 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-30 21:36 - 2012-03-30 21:36 - 0000000 ____D C:\Program Files\McAfee.com
2012-03-30 21:08 - 2012-03-30 21:08 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-30 21:05 - 2012-03-25 11:05 - 0000428 ____A C:\rkill.log
2012-03-30 20:57 - 2012-03-25 21:13 - 0000000 ____D C:\Users\ajpro\Desktop\Chameleon
2012-03-30 20:57 - 2012-03-25 17:50 - 0000000 ____D C:\Program Files (x86)\iolo
2012-03-30 20:57 - 2012-03-25 17:37 - 0000000 ____D C:\Users\All Users\iolo
2012-03-30 20:57 - 2012-03-25 17:37 - 0000000 ____D C:\ProgramData\iolo
2012-03-30 20:57 - 2012-03-25 15:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-30 20:57 - 2012-03-25 14:59 - 0000000 ____D C:\Program Files (x86)\SpeedMaxPc
2012-03-30 20:57 - 2011-07-14 07:08 - 0000000 ____D C:\Windows\en
2012-03-30 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-30 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-03-30 20:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-30 20:57 - 2009-04-08 00:43 - 0000000 ____D C:\Windows\Downloaded Installations
2012-03-30 20:56 - 2012-01-08 08:34 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-30 20:56 - 2009-12-03 22:18 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-03-30 20:56 - 2009-08-29 15:15 - 0000000 ____D C:\Windows\SysWOW64\summerflowers_3138426 dir
2012-03-30 20:56 - 2009-08-03 18:07 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-30 20:56 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-03-30 20:56 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-03-30 20:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-03-30 20:56 - 2009-05-06 19:15 - 0000000 ____D C:\Windows\JMCR_DIR
2012-03-30 20:56 - 2009-05-06 19:14 - 0000000 ____D C:\Windows\SysWOW64\HPMDP
2012-03-30 20:56 - 2009-05-06 19:09 - 0000000 ____D C:\Windows\System32\nn-NO
2012-03-30 20:26 - 2012-03-30 20:26 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 20:26 - 2012-03-30 20:26 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-28 19:37 - 2012-03-28 18:49 - 0000000 ____D C:\Users\ajpro\AppData\Local\McAfee Anti-Theft
2012-03-28 19:24 - 2012-03-28 19:25 - 0259384 ____A C:\Users\ajpro\Desktop\IMG_4662_2012-03-20_2012-03-20.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0253617 ____A C:\Users\ajpro\Desktop\IMG_4671_2012-03-20_2012-03-20.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0214266 ____A C:\Users\ajpro\Desktop\IMG_4654_2012-03-19_2012-03-19.jpg
2012-03-28 19:24 - 2012-03-28 19:25 - 0200904 ____A C:\Users\ajpro\Desktop\IMG_4656_2012-03-19_2012-03-19.jpg
2012-03-26 15:29 - 2011-12-07 19:08 - 0000000 ____D C:\Users\ajpro\Desktop\backup
2012-03-26 15:28 - 2012-03-25 14:59 - 0000000 ____D C:\Users\All Users\SpeedMaxPc
2012-03-26 15:28 - 2012-03-25 14:59 - 0000000 ____D C:\ProgramData\SpeedMaxPc
2012-03-25 21:25 - 2012-03-25 21:23 - 0004444 ____A C:\ioloUpdate.log
2012-03-25 21:22 - 2012-03-25 21:22 - 0000000 ____D C:\iolo
2012-03-25 21:17 - 2009-07-13 21:13 - 0730532 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-25 21:14 - 2012-03-25 21:14 - 0029808 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-03-25 17:51 - 2012-03-25 17:51 - 0000230 ____A C:\Windows\Tasks\SidebarExecute.job
2012-03-25 17:42 - 2012-03-25 17:42 - 0074703 ____A C:\Windows\SysWOW64\mfc45.dll
2012-03-25 17:37 - 2012-03-25 17:37 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\iolo
2012-03-25 15:31 - 2012-03-25 15:31 - 15540296 ____A (SUPERAntiSpyware.com) C:\Users\ajpro\Desktop\SUPERAntiSpyware.com
2012-03-25 15:04 - 2012-03-25 15:04 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\ajpro\Desktop\mbb.exe
2012-03-25 14:59 - 2012-03-25 14:59 - 0000422 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000416 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000400 ____A C:\Windows\Tasks\SpeedMaxPc.job
2012-03-25 14:59 - 2012-03-25 14:59 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\SpeedMaxPc
2012-03-25 14:59 - 2012-03-25 14:59 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\DriverCure
2012-03-25 11:13 - 2012-03-25 11:09 - 0130808 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_14.09.11_log.txt
2012-03-25 11:12 - 2012-03-25 11:12 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-25 10:21 - 2012-03-25 10:21 - 0000031 ____A C:\Users\ajpro\Documents\reference number.txt
2012-03-25 09:53 - 2012-03-25 09:53 - 9273408 ____A (McAfee Inc.) C:\Users\ajpro\Desktop\stinger.exe
2012-03-25 05:12 - 2012-03-25 05:12 - 0065536 __ASH C:\Windows\System32\config\components{e5ffe198-763d-11e1-80e4-00235a9df105}.TxR.blf
2012-03-24 22:17 - 2006-11-02 04:34 - 0001395 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-03-24 21:50 - 2012-03-24 21:50 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-24 16:30 - 2012-03-24 16:30 - 0743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-24 16:04 - 2011-01-13 16:24 - 0000000 ____D C:\Users\ajpro\Desktop\Microsoft Office
2012-03-24 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-24 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-24 16:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-03-24 15:59 - 2009-07-19 19:56 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\CyberLink
2012-03-24 15:59 - 1999-03-30 10:17 - 0000000 ___HD C:\System.sav
2012-03-24 15:58 - 2012-03-08 19:02 - 0000000 ____D C:\Program Files\HTC
2012-03-24 15:58 - 2009-12-03 22:18 - 0000000 ____D C:\Program Files\IDT
2012-03-24 15:58 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-24 15:58 - 2009-04-08 00:47 - 0000000 ____D C:\Users\All Users\CyberLink
2012-03-24 15:58 - 2009-04-08 00:47 - 0000000 ____D C:\ProgramData\CyberLink
2012-03-24 15:58 - 2009-04-08 00:42 - 0000000 ____D C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2012-03-24 15:58 - 2009-04-08 00:42 - 0000000 ____D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2012-03-24 15:58 - 2009-04-08 00:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-24 15:58 - 2009-04-08 00:39 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-24 15:58 - 2009-04-08 00:08 - 0000000 ____D C:\Users\All Users\WildTangent
2012-03-24 15:58 - 2009-04-08 00:08 - 0000000 ____D C:\ProgramData\WildTangent
2012-03-24 15:57 - 2011-01-12 20:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-24 15:57 - 2011-01-12 20:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-24 15:57 - 2009-08-09 14:49 - 0000000 ____D C:\Program Files (x86)\PIXresizer
2012-03-24 15:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-24 15:57 - 2009-04-08 01:13 - 0000000 ____D C:\Program Files (x86)\SMINST
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\NetZeroPreloader
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-24 15:57 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\JunoPreloader
2012-03-24 15:57 - 2009-04-08 00:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-24 15:57 - 2009-04-08 00:08 - 0000000 ____D C:\Program Files (x86)\HP Games
2012-03-24 15:57 - 2009-04-07 23:39 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-24 15:56 - 2009-04-08 00:47 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-03-24 15:55 - 2012-03-21 16:16 - 0000000 ____D C:\8f8188d5bbc8515eb11cb55adba22a24
2012-03-24 15:55 - 2012-03-20 20:27 - 0000000 ____D C:\68c6be241ccc820156
2012-03-24 15:55 - 2011-09-28 20:09 - 0000000 ____D C:\cd91c6e3845ab9673b84e3189c5c
2012-03-24 15:55 - 2011-08-14 20:06 - 0000000 ____D C:\8d28baf2a8c3a133d8591b266f44
2012-03-24 15:55 - 2010-09-19 19:33 - 0000000 ____D C:\9631592c33c18d7437159acccc0ab8
2012-03-24 15:55 - 2010-06-01 17:56 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-03-24 15:55 - 2010-02-09 21:39 - 0000000 ____D C:\716f8851aab248b39f51
2012-03-24 15:55 - 2009-07-19 20:32 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-24 15:55 - 2009-05-06 19:09 - 0000000 ____D C:\Program Files (x86)\Atheros
2012-03-24 15:55 - 2009-04-08 00:42 - 0000000 ____D C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2012-03-24 15:55 - 2009-04-07 23:01 - 0000000 ___HD C:\HP
2012-03-24 15:29 - 2011-07-18 06:56 - 0000000 ____D C:\Users\Public\CyberLink
2012-03-24 15:29 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-24 15:28 - 2011-06-25 19:56 - 0000000 ____D C:\Users\ajpro\AppData\Local\Sony Corporation
2012-03-24 15:28 - 2011-05-03 18:36 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Research In Motion
2012-03-24 15:28 - 2009-07-19 20:50 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Macromedia
2012-03-24 15:28 - 2009-07-19 20:50 - 0000000 ____D C:\Users\ajpro\AppData\Roaming\Adobe
2012-03-24 15:28 - 2009-07-19 20:31 - 0000000 ____D C:\Users\ajpro\AppData\LocalLow
2012-03-24 15:27 - 2010-01-19 15:26 - 0000000 ____D C:\Users\ajpro\AppData\Local\Downloaded Installations
2012-03-24 15:27 - 2009-07-24 07:12 - 0000000 ____D C:\Users\ajpro\AppData\Local\Microsoft Games
2012-03-24 15:27 - 2009-07-19 20:40 - 0000000 ____D C:\Users\ajpro\AppData\Local\Hewlett-Packard
2012-03-24 15:27 - 2009-07-19 19:40 - 0000000 ____D C:\Users\ajpro\AppData\Local\Google
2012-03-24 15:27 - 2008-06-09 05:44 - 0000000 ____D C:\SwSetup
2012-03-24 15:25 - 2010-01-19 15:26 - 0000000 ____D C:\Users\All Users\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-03-24 15:25 - 2010-01-19 15:26 - 0000000 ____D C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-03-24 15:22 - 2009-12-31 23:27 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-24 15:22 - 2009-12-31 23:27 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-24 15:22 - 2009-07-19 19:40 - 0000000 ____D C:\Users\All Users\Google
2012-03-24 15:22 - 2009-07-19 19:40 - 0000000 ____D C:\ProgramData\Google
2012-03-24 15:22 - 2009-04-08 00:46 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-24 15:22 - 2009-04-08 00:46 - 0000000 ____D C:\ProgramData\Adobe
2012-03-24 15:22 - 2009-04-07 23:40 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-03-24 15:22 - 2009-04-07 23:40 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-03-24 15:21 - 2011-03-27 14:42 - 0000000 ____D C:\Program Files\Windows Live
2012-03-24 15:21 - 2010-03-25 17:19 - 0000000 ____D C:\Program Files\Synaptics
2012-03-24 15:21 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-24 15:21 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-03-24 15:21 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-03-24 15:21 - 2009-04-08 00:39 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-24 15:20 - 2009-08-26 10:06 - 0000000 ____D C:\Program Files\Google
2012-03-24 15:20 - 2009-07-19 18:36 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-24 15:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-24 15:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-03-24 15:20 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-24 15:20 - 2009-05-06 19:10 - 0000000 ____D C:\Program Files\ATI
2012-03-24 15:20 - 2009-04-08 01:06 - 0000000 ____D C:\Program Files\AWS
2012-03-24 15:20 - 2009-04-07 23:13 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-03-24 15:19 - 2011-06-25 19:55 - 0000000 ____D C:\Program Files (x86)\Sony
2012-03-24 15:19 - 2011-05-03 18:34 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-03-24 15:19 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-24 15:19 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-24 15:19 - 2009-05-06 20:35 - 0000000 ____D C:\Program Files (x86)\muvee Technologies
2012-03-24 15:19 - 2009-05-06 19:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-24 15:19 - 2009-04-08 01:05 - 0000000 ____D C:\Program Files (x86)\MSN
2012-03-24 15:19 - 2009-04-08 00:43 - 0000000 ____D C:\Program Files (x86)\Sling Media
2012-03-24 15:19 - 2009-04-08 00:08 - 0000000 ___RD C:\Program Files (x86)\Online Services
2012-03-24 15:18 - 2011-01-12 20:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-03-24 15:18 - 2011-01-12 20:55 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-24 15:17 - 2011-01-12 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-03-24 15:17 - 2009-04-08 01:06 - 0000000 ____D C:\Program Files (x86)\Java
2012-03-24 15:17 - 2009-04-08 00:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-24 15:16 - 2012-03-08 19:01 - 0000000 ____D C:\Program Files (x86)\HTC
2012-03-24 15:16 - 2009-04-08 01:17 - 0000000 ____D C:\Program Files (x86)\Hp
2012-03-24 15:14 - 2009-04-07 23:13 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-24 15:13 - 2009-07-19 19:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-24 15:12 - 2011-03-05 08:38 - 0000000 ____D C:\Program Files (x86)\EPSON Projector
2012-03-24 15:09 - 2010-01-17 21:51 - 0000000 ____D C:\Program Files (x86)\Bash Software
2012-03-24 15:09 - 2009-05-06 19:10 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-03-24 15:09 - 2009-05-06 19:09 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-03-24 15:08 - 2009-04-08 00:46 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-24 14:59 - 2009-07-13 23:44 - 0000000 __RHD C:\Users\Public\Recorded TV
2012-03-24 14:51 - 2012-03-24 10:02 - 0000000 ____D C:\Program Files (x86)\RegInOut
2012-03-24 14:26 - 2009-12-31 23:27 - 0000000 ___HD C:\Users\ajpro\AppData\Roaming\Malwarebytes
2012-03-24 10:03 - 2012-03-24 10:03 - 0000000 ____D C:\Users\All Users\RegInOut
2012-03-24 10:03 - 2012-03-24 10:03 - 0000000 ____D C:\ProgramData\RegInOut
2012-03-24 09:49 - 2012-03-24 08:41 - 0000000 ____D C:\Users\ajpro\AppData\Local\ElevatedDiagnostics
2012-03-24 09:37 - 2012-03-24 09:37 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-03-23 17:37 - 2012-03-23 17:37 - 0000000 ____D C:\Windows\system64
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\Users\All Users\hGR878u0.exe_.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\Users\All Users\hGR878u0.exe.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\ProgramData\hGR878u0.exe_.b
2012-03-22 18:01 - 2012-03-22 18:01 - 0000001 ____A C:\ProgramData\hGR878u0.exe.b
2012-03-22 17:48 - 2012-03-20 15:27 - 0000112 ___AH C:\Users\All Users\wm03D7ol2.dat
2012-03-22 17:48 - 2012-03-20 15:27 - 0000112 ___AH C:\ProgramData\wm03D7ol2.dat
2012-03-21 19:22 - 2011-12-16 20:06 - 0000000 ___HD C:\Users\ajpro\Documents\Uppercase Living
2012-03-19 18:51 - 2012-03-19 18:51 - 0000000 ___HD C:\Windows\Sun
2012-03-17 19:40 - 2012-03-17 19:40 - 0001404 ___AH C:\Users\ajpro\Downloads\163_uwguidelines.htm
2012-03-17 17:58 - 2012-03-17 17:58 - 0191892 ____A C:\Users\ajpro\Desktop\My%20F150.jpg
2012-03-17 17:57 - 2012-03-17 17:57 - 0073911 ____A C:\Users\ajpro\Desktop\frontdriversidefront.jpg
2012-03-17 17:53 - 2012-03-17 17:53 - 0256809 ____A C:\Users\ajpro\Desktop\IMG_0308.jpg
2012-03-17 17:51 - 2012-03-17 17:51 - 0128475 ____A C:\Users\ajpro\Desktop\IMG_1055.jpg
2012-03-17 17:51 - 2012-03-17 17:51 - 0122617 ____A C:\Users\ajpro\Desktop\IMG_1031.jpg
2012-03-17 10:18 - 2012-03-17 10:18 - 0224333 ___AH C:\Users\ajpro\Documents\Kohls March.xps
2012-03-17 08:41 - 2012-03-17 08:41 - 0153908 ____A C:\Users\ajpro\Desktop\image-2301790277.jpg
2012-03-17 08:37 - 2012-03-17 08:37 - 0241779 ____A C:\Users\ajpro\Desktop\dsc0126fm.jpg
2012-03-17 08:30 - 2012-03-17 08:31 - 0097648 ____A C:\Users\ajpro\Desktop\newtruck2.jpg
2012-03-14 20:25 - 2012-03-14 20:26 - 0145600 ____A C:\Users\ajpro\Desktop\image-3173331021.jpg
2012-03-14 20:22 - 2012-03-14 20:22 - 0141575 ____A C:\Users\ajpro\Desktop\photo.jpg
2012-03-14 20:18 - 2012-03-14 20:19 - 0296552 ____A C:\Users\ajpro\Desktop\IMG_0095.jpg
2012-03-08 19:11 - 2011-06-30 18:05 - 0000308 ___AH C:\Users\ajpro\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ___HD C:\Users\ajpro\AppData\Roaming\InstallShield
2012-03-07 18:06 - 2012-03-07 18:06 - 0261075 ___AH C:\Users\ajpro\Documents\Verizon.xps
2012-03-05 19:17 - 2012-03-05 19:17 - 0963779 ____A C:\Users\ajpro\Desktop\2012 F150 Order Guide.pdf
2012-03-05 16:56 - 2012-03-05 16:56 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{D16C9695-033D-4D60-BED7-A7E481F0B634}
2012-03-05 16:56 - 2012-03-05 16:56 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{0C111A7B-493F-4222-BCFA-C3720789A509}
2012-03-05 16:56 - 2010-12-04 14:25 - 0000000 ___HD C:\Users\ajpro\AppData\Local\Windows Live
2012-03-04 18:39 - 2012-03-04 18:39 - 0114748 ____A C:\Users\ajpro\Desktop\$(KGrHqJ,!gwE8NWumGjnBPRY(j!CeQ~~_4.jpg
2012-03-04 14:19 - 2012-04-02 15:05 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-28 18:50 - 2012-02-28 18:50 - 0220351 ___AH C:\Users\ajpro\Documents\Pampered Chef.xps
2012-02-25 21:00 - 2012-02-25 21:00 - 0286095 ___AH C:\Users\ajpro\Documents\Walmart.xps
2012-02-25 20:41 - 2012-02-25 20:41 - 0039432 ___AH C:\Users\ajpro\Downloads\downsized950221121940.jpg
2012-02-25 20:37 - 2012-02-25 20:37 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{DB65375C-F897-4C32-B8CA-2514F2C9EFF6}
2012-02-25 20:37 - 2012-02-25 20:37 - 0000000 ___HD C:\Users\ajpro\AppData\Local\{9C83AB62-EC11-42CE-A240-C40DB0A984AD}
2012-02-21 19:13 - 2009-07-13 21:08 - 0032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-19 15:30 - 2012-02-19 15:30 - 0179137 ___AH C:\Users\ajpro\Documents\UL free items.docx
2012-02-17 15:38 - 2009-07-19 20:40 - 0000174 __ASH C:\Users\ajpro\Start Menu\Programs\Startup\desktop.ini
2012-02-17 15:38 - 2009-07-19 20:40 - 0000174 __ASH C:\Users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 22:38 - 2012-04-02 15:13 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-04-02 15:13 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-04-02 15:13 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-04-02 15:13 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:00 - 2012-02-16 16:00 - 0211303 ___AH C:\Users\ajpro\Documents\Kohls Feb.xps
2012-02-09 22:36 - 2012-04-02 15:14 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-04-02 15:14 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-04-02 15:14 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 18:44 - 2012-02-01 18:44 - 0000404 ___AH C:\Users\ajpro\Documents\petco.txt

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3837.83 MB
Available physical RAM: 3233.17 MB
Total Pagefile: 3835.98 MB
Available Pagefile: 3215.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.04 GB) (Free:207.84 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Disk 1 Online 1901 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 284 GB 1024 KB
Partition 2 Primary 14 GB 284 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1901 MB 8 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1901 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-12-09 16:34

======================= End Of Log ==========================

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:23 PM

Posted 30 April 2012 - 03:14 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

 

 


#13 Jpro0001

Jpro0001
  • Topic Starter

  • Members
  • 28 posts
  • Local time:06:23 AM

Posted 01 May 2012 - 12:32 AM

Well, I ran Combofix; it took a while. It finished, rebooted, and the internet wouldn't work. So I rebooted again, since according to the instructions it said to do so to fix the internet connection. The computer would not boot up properly and I had to restore it again. Attached is the CF log.

ComboFix 12-04-31.03 - ajpro 04/30/2012 21:36:33.1.2 - x64
Running from: c:\users\ajpro\Desktop\ajjpp.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\ajpro\AppData\Roaming\Local
c:\users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 05:00 . 2012-05-01 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 22:22 . 2012-04-29 22:54 -------- d-----w- C:\FRST
2012-04-22 06:08 . 2012-04-22 12:33 460888 ----a-w- c:\windows\system32\drivers\85062258.sys
2012-04-21 22:55 . 2012-04-21 22:55 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:50 . 2012-04-21 18:50 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-08 15:32 . 2012-04-08 15:32 -------- d-----w- c:\program files\Java
2012-04-02 23:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-02 23:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-02 23:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-02 23:14 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-02 23:14 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-02 23:14 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-02 23:13 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-02 23:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-02 23:13 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-02 23:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-02 04:03 . 2012-04-02 04:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-02 04:03 . 2012-04-02 07:55 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 22:55 . 2012-03-31 05:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-21 22:55 . 2011-08-22 21:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 05:14 . 2012-03-26 05:14 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-26 01:42 . 2012-03-26 01:42 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"EPSON_UD_START"="c:\program files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-16 329632]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2010-10-12 434360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\ajpro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-4-19 746856]
_uninst_97591721.lnk - c:\users\ajpro\AppData\Local\Temp\_uninst_97591721.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-4-19 746856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-09 135664]
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-09 135664]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 85062258;85062258;c:\windows\system32\DRIVERS\85062258.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/06 21:00];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 EMP_UDSA;EMP_UDSA;c:\program files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-10-12 724152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - KLBG
*Deregistered* - KLIF
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:55]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-09 01:13]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-09 01:13]
.
2012-03-26 c:\windows\Tasks\SidebarExecute.job
- c:\program files (x86)\Windows Sidebar\sidebar.exe [2011-07-05 12:17]
.
2012-03-25 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-03-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]
.
2012-03-25 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"combofix"="c:\ajjpp\CF14244.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
penclass
k750bus
symantecantibotdriver
websenseclientdeployservice
prodrv06
DcPTP
risdptsk
stunnel
UNDPX2A
tfsndres
ShockMgr
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\iavlsp.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Explorer_Run-53668 - c:\progra~3\LOCALS~1\Temp\mshgda.cmd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-summerflowers_3138426 - c:\windows\system32\summerflowers_3138426.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-05-01 00:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 05:10
.
Pre-Run: 224,205,705,216 bytes free
Post-Run: 223,372,750,848 bytes free
.
- - End Of File - - 620F85A64D869FE4B3FE0CB9C54B90B6

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 01 May 2012 - 02:15 PM

Good evening. :)

Download RegQuery from here and save it to your Desktop.
  • Double click the file to run it.
  • Copy the following keyname to your clipboard - either CTRL + C or right click will do.

    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems
  • Click Paste from Clipboard and then Query.
  • A Notepad window should open with some text in it - either that or you'll get a pop-up telling you to check the keyname.
  • Let me have the contents of the file in your next reply.

Will you repeat the process for the following key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems

EDIT: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems too.

Edited by Noviciate, 01 May 2012 - 02:39 PM.

So long, and thanks for all the fish.
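
The three keys requested above can also be read with built-in tooling. This is an added example, not part of the original post and not how RegQuery works: a read-only PowerShell listing of the `ServerDll` entries in each key's `Windows` value. The value name `Windows` and the module name `consrv` (taken from the topic title) are assumptions that the post itself does not state.

```powershell
# Added example: read-only inspection of the SubSystems keys named in the post.
# Assumption: the module name to look for is taken from this topic's title.
$suspectModule = 'consrv'
$controlSets   = 'ControlSet001', 'ControlSet002', 'CurrentControlSet'

function Get-ServerDllEntries {
    param([string]$WindowsValue)
    # The value is a single command line; every ServerDll=<module>[:<init>],<id>
    # token names a DLL that csrss.exe loads at start-up.
    [regex]::Matches($WindowsValue, 'ServerDll=([^\s:,]+)(?::([^\s,]+))?(?:,(\d+))?') |
        ForEach-Object {
            [pscustomobject]@{
                Module   = $_.Groups[1].Value
                InitFunc = $_.Groups[2].Value
                Id       = $_.Groups[3].Value
            }
        }
}

foreach ($set in $controlSets) {
    $path = "HKLM:\SYSTEM\$set\Control\Session Manager\SubSystems"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$set : key not found"
        continue
    }
    # Read the raw string without expanding %SystemRoot%.
    $key = Get-Item -LiteralPath $path
    $raw = $key.GetValue('Windows', $null, 'DoNotExpandEnvironmentNames')
    if ($null -eq $raw) {
        Write-Output "$set : no 'Windows' value"
        continue
    }
    foreach ($entry in Get-ServerDllEntries -WindowsValue $raw) {
        # Flag entries that reference the DLL the antivirus keeps quarantining.
        $flag = if ($entry.Module -ieq $suspectModule) { 'REVIEW' } else { 'ok' }
        Write-Output ("{0,-18} {1,-10} {2,-28} {3}" -f $set, $entry.Module, $entry.InitFunc, $flag)
    }
}
```

The script only reads the registry; an entry marked `REVIEW` is a value that still points at a DLL the antivirus has quarantined.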

 

 


#15 Jpro0001

Jpro0001
  • Topic Starter

  • Members
  • 28 posts

Posted 01 May 2012 - 08:44 PM

Hi,

All items pasted to clipboard brought up check key name.



