
Windows Firewall Error, Threats found in MSE


  • This topic is locked
26 replies to this topic

#1 KiwiStu

KiwiStu

  • Members
  • 16 posts

Posted 08 May 2012 - 12:34 AM

Hi guys,

Hopefully someone can point me in the right direction.
I've got an ACER 5750 laptop with Win7 Home Premium with a couple of problems:
- I can't turn the Windows Firewall on (error 0x80070424)
- MSE has picked up:
* Trojan:Win64/Sirefef.Y
* Trojan:Win32/Sirefef.AB
* Trojan:Win64/Sirefef.U
* Trojan:Win32/Alureon.FP
* Trojan:Win64/Sirefef.P
* Program:Win32/CoinMiner
- Malwarebytes has picked up:
* RiskWare.Tool.CK

So, sadly it's a bit of a mess...

I have run MSE to remove the above, which states a successful removal, but when completing the requested restart Win7 won't boot and pops up a repair program which will only let the system run if I complete a restore, in which case the whole lot starts over. I've also run Malwarebytes, which sometimes clears the problem, but on restart the problem still exists.

It seems to be a very similar problem to TommyC11's issue here: Link

I have run TDSSKiller.exe which doesn't return any threats.

Many thanks
Stu

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sarah and Stu at 17:26:25 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.1654 [GMT 12:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Server\Bin\WhsMcClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\140707C65602E4564777F627B602735316464353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\2456C6B696E6F5E413F575962756C6563737F5646383246444 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\24967605F6E646032333536364 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\25F646965627D456E65716E64644963707C61697 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\64255454027594649402269702548505544494140262023595440246C6 : DhcpNameServer = 172.17.64.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\E4544574541425 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=625675ed0000000000008a9ffaa30287&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.hardId - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:41:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-3-2 79744]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-20 76448]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-27 313424]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-27 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-9 23584]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-27 13336]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-3 654408]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-1-12 40832]
R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-9-1 2025336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-24 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-27 243232]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]
R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2011-3-2 111488]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 dxrgvpig;dxrgvpig;\??\C:\Windows\system32\drivers\dxrgvpig.sys --> C:\Windows\system32\drivers\dxrgvpig.sys [?]
S1 qdhuigqk;qdhuigqk;\??\C:\Windows\system32\drivers\qdhuigqk.sys --> C:\Windows\system32\drivers\qdhuigqk.sys [?]
S1 xyoakpyy;xyoakpyy;\??\C:\Windows\system32\drivers\xyoakpyy.sys --> C:\Windows\system32\drivers\xyoakpyy.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
SUnknown alnxnpau;alnxnpau; [x]
SUnknown iyjeagkk;iyjeagkk; [x]
SUnknown jfhjcltk;jfhjcltk; [x]
SUnknown lhpjgmvr;lhpjgmvr; [x]
SUnknown sgtnpufw;sgtnpufw; [x]
SUnknown truoavej;truoavej; [x]
SUnknown zgrdihyq;zgrdihyq; [x]
.
=============== Created Last 30 ================
.
2012-05-07 22:14:36 50000 ----a-w- C:\Windows\System32\drivers\xyoakpyy.sys
2012-05-07 11:39:07 50000 ----a-w- C:\Windows\System32\drivers\dxrgvpig.sys
2012-05-07 11:38:27 50000 ----a-w- C:\Windows\System32\drivers\qdhuigqk.sys
2012-05-07 11:37:41 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26D9B133-6F2B-4B62-B4A2-57E72192C2BD}\offreg.dll
2012-05-07 11:29:50 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26D9B133-6F2B-4B62-B4A2-57E72192C2BD}\mpengine.dll
2012-05-07 10:59:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 08:30:20 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-07 08:20:11 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2199B0C3-0551-4778-A062-C6F523023A6E}
2012-05-07 08:19:59 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{15F5CCBB-8073-42FB-BD9B-7B6D521290EC}
2012-05-05 00:20:32 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{B19EAA99-699A-4AA3-9555-A5E38306F284}
2012-05-05 00:20:21 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{65D77053-E496-45D1-A2FA-7EAB310A9DEF}
2012-05-04 21:11:22 50000 ----a-w- C:\Windows\System32\drivers\ntcyhlrp.sys
2012-05-03 10:44:17 -------- d-----w- C:\Users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 10:43:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-03 10:43:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-03 10:43:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 10:38:18 50000 ----a-w- C:\Windows\System32\drivers\cmusjqhb.sys
2012-05-03 09:44:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6868C60A-86D9-4BF9-9073-D2EFB889F5C4}\gapaengine.dll
2012-05-03 08:17:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-03 08:16:53 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-03 08:10:51 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{F5B0998B-7FAB-4771-8681-F10F791AB125}
2012-05-03 08:10:39 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{EF673401-C6AE-4845-BD7B-97C5DADB5466}
2012-05-02 07:55:22 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{5397D8BF-7522-4E68-A3A2-8BB33E7F6912}
2012-05-02 07:55:10 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{DADAB31F-EE1E-4F34-978D-AE16B632362F}
2012-04-28 22:17:36 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-28 22:00:29 -------- d-----we C:\Windows\system64
2012-04-28 06:28:30 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2AAE75F5-9110-40BD-82FD-B2F8940D7E56}
2012-04-28 06:28:19 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{5360C377-7A9B-4895-BA00-3DCF5858ECA2}
2012-04-26 09:28:44 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{3B5E97F8-89E1-4302-A00E-74C0B3428C92}
2012-04-26 09:28:32 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{8F642709-F5E2-4504-B390-49D8C9D00676}
2012-04-25 10:10:08 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-04-25 10:10:08 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-04-25 08:52:12 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{D228159B-14EF-445E-8DF9-5CA9A9CAF538}
2012-04-25 08:51:58 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{6FF39063-AF05-4830-A171-CA676E820587}
2012-04-19 10:43:33 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{F673290E-A3EB-4749-A5C0-F52AB4508AF0}
2012-04-19 10:43:18 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{00941849-2C3F-49AB-812B-15262FC0C3AF}
2012-04-18 05:34:03 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{894D359A-2817-4F66-A6A5-EE1D888960AC}
2012-04-18 05:33:52 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{440E30F7-14F1-43B8-8C9C-2B7A5B474E91}
2012-04-17 09:09:37 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{AA7BD459-7E58-4754-8FB7-15C95B0A607C}
2012-04-17 09:09:26 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{D8499B77-F564-4596-AA30-787FC673D0E6}
2012-04-16 11:02:12 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 08:31:47 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{7F9BE7A7-ED8A-4CA8-9647-C0F2C6EA2267}
2012-04-16 08:31:35 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{0EB04CB4-69B6-4198-8AEC-F2D26C6EC1EC}
2012-04-15 07:02:33 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2B6209C9-52EA-47C8-A6C9-6283718ABF42}
2012-04-15 07:02:22 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{10D688F1-D967-4150-B44F-C25AA43AFA13}
2012-04-15 06:57:53 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{333E3C01-FA3F-428A-A8D7-792995983CE6}
2012-04-15 06:57:41 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{469DD1CF-F78B-499B-9CA5-73B5FAABC76D}
2012-04-14 23:13:29 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{AADCCFD2-D93D-4093-BDCA-30C4BE51FCDE}
2012-04-12 08:14:08 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-12 08:09:10 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{03B0AF45-ABA8-4BB6-BD56-857DD5B65744}
2012-04-12 08:08:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 08:08:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:08:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 08:02:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:02:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:02:35 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 08:02:34 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 08:02:34 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 08:02:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:02:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 09:34:03 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{C45298C0-9875-4FF6-83F6-C10DE11458DB}
2012-04-10 08:42:37 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{E4C068F6-5BFE-4416-8544-94F4D13238E2}
2012-04-09 07:51:57 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{0E141853-419B-4BB9-94D3-5BD5ABBF1627}
.
==================== Find3M ====================
.
2012-05-08 00:03:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 00:03:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 08:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 08:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2012-03-08 06:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2006-05-18 04:58:57 385024 ----a-w- C:\Program Files\projectGSC.exe
2004-08-16 05:12:41 397312 ----a-w- C:\Program Files\projectGSCresUS.dll
2004-08-16 05:11:14 393216 ----a-w- C:\Program Files\projectGSCresJP.dll
2001-06-06 04:23:08 4094 ----a-w- C:\Program Files\USER_W.BIN
.
============= FINISH: 17:27:20.71 ===============

#2 SweetTech (Agent ST)

Posted 08 May 2012 - 02:06 AM

Hi Stu!!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________





Do you happen to have access to a USB flash drive that we could utilize?



-----------
It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply



NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
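The FSS and OTL logs ST asks for above are where the ZeroAccess damage shows up. FSS prints a fixed "The service key does not exist" line for every service whose registry key has been deleted (the firewall's MpsSvc and BFE, Security Center's wscsvc, Defender's WinDefend), which is also why turning the firewall on fails with 0x80070424: that HRESULT wraps Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST. OTL's DRV lines expose the other half, the rootkit's freshly dropped kernel drivers with random names. The Python below is an added triage script, not part of this thread and not code from Farbar or OldTimer: it parses both log formats from constructed sample excerpts and flags the two indicators. The 8-letter name pattern, the 7-day age window and the same-size clustering rule are assumed heuristics of mine, not something FSS or OTL computes.

```python
"""Triage helpers for Farbar Service Scanner (FSS) and OTL logs.

Added example; not code from BleepingComputer, Farbar or OldTimer. The
parsers target the line formats those tools print; the thresholds
(8-letter names, 7-day window, size shared by >= 2 files) are assumptions.
"""
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime, timedelta

# FSS reports a deleted service key with a fixed phrase.  ZeroAccess/Sirefef
# deletes the firewall (MpsSvc, BFE), Security Center (wscsvc) and Defender
# (WinDefend) keys; Windows then returns 0x80070424
# (ERROR_SERVICE_DOES_NOT_EXIST, 1060) when the firewall is switched on.
FSS_MISSING_KEY = re.compile(
    r"Unable to open (?P<svc>\w+) registry key\. The service key does not exist\."
)

# One OTL driver line:
# DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation)
#   [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xyoakpyy.sys -- (xyoakpyy)
OTL_DRV = re.compile(
    r"^DRV(?::64bit:)? - \[(?P<stamp>[^|]+?)\s*\| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<company>.*?)\) \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

# Eight random lowercase letters: the naming pattern of the droppers in this thread.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.sys$")


def missing_service_keys(fss_log: str) -> list[str]:
    """Service names FSS could not find a registry key for, in first-seen order."""
    found: list[str] = []
    for m in FSS_MISSING_KEY.finditer(fss_log):
        if m.group("svc") not in found:
            found.append(m.group("svc"))
    return found


def parse_otl_drivers(otl_log: str) -> list[dict]:
    """Structured records for every DRV line in an OTL report."""
    drivers = []
    for line in otl_log.splitlines():
        m = OTL_DRV.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["mtime"] = datetime.strptime(d["stamp"], "%Y/%m/%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        d["basename"] = d["path"].rsplit("\\", 1)[-1].lower()
        drivers.append(d)
    return drivers


def suspicious_drivers(otl_log: str, scan_time: datetime,
                       max_age: timedelta = timedelta(days=7)) -> list[str]:
    """Assumed heuristic: drivers with a random 8-letter basename, modified
    within max_age of the scan, whose byte size is shared with at least one
    other such driver.  A lone random name is weak evidence (plenty of real
    Microsoft drivers have 8-letter names); a cluster of same-sized, freshly
    written ones is the ZeroAccess pattern in this thread's log."""
    recent = [
        d for d in parse_otl_drivers(otl_log)
        if RANDOM_NAME.match(d["basename"]) and scan_time - d["mtime"] <= max_age
    ]
    by_size = Counter(d["size"] for d in recent)
    return sorted(d["basename"] for d in recent if by_size[d["size"]] >= 2)


def triage(fss_log: str, otl_log: str, scan_time: datetime) -> dict:
    return {
        "missing_service_keys": missing_service_keys(fss_log),
        "suspicious_drivers": suspicious_drivers(otl_log, scan_time),
    }


# Constructed excerpts in the two tools' formats (a hand-picked subset of entries).
SAMPLE_FSS = """\
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""

SAMPLE_OTL = r"""
========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xyoakpyy.sys -- (xyoakpyy)
DRV:64bit: - [2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dxrgvpig.sys -- (dxrgvpig)
DRV:64bit: - [2012/05/07 23:38:31 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\qdhuigqk.sys -- (qdhuigqk)
DRV:64bit: - [2012/04/13 23:07:16 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/28 16:03:12 | 000,071,168 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
"""

# Scan time taken from an OTL header of the form "OTL logfile created on: 5/8/2012 8:42:51 PM".
SCAN_TIME = datetime(2012, 5, 8, 20, 42, 51)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FSS, SAMPLE_OTL, SCAN_TIME).items():
        print(f"{key}: {value}")
```

Note that silabser.sys, a legitimate 8-letter driver name, is not flagged because it is months old and shares its size with nothing else; the three 50,000-byte files written in the 24 hours before the scan are. Paste a full FSS.txt and OTL.txt into the two variables to run it against a real log.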


#3 KiwiStu (Topic Starter)

Posted 08 May 2012 - 04:25 AM

Hello ST, and thanks for taking the time to look into my issue, much appreciated believe me!

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
Thanks for the links on evaluating whether it's worth a full re-install or not. At this stage I would like to proceed with trying to eradicate the issues but if further down the track things are not looking so hopeful then it may well be the best avenue. I'll keep it in the back of my mind as we progress as I'm conscious I don't want to tie up too much of your time.

I guess my only major concern is regarding the other computers in my network - should I be concerned about them as well? Admittedly this laptop is the main 'day to day' machine, the others are a media centre and a home server which get little use.

2. aswMBR log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 19:50:49
-----------------------------
19:50:49.991 OS Version: Windows x64 6.1.7601 Service Pack 1
19:50:49.992 Number of processors: 4 586 0x2A07
19:50:49.992 ComputerName: ACERLAPTOP UserName:
19:50:52.427 Initialize success
19:57:33.870 AVAST engine defs: 12050800
19:58:25.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:58:25.432 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:58:25.451 Disk 0 MBR read successfully
19:58:25.455 Disk 0 MBR scan
19:58:25.461 Disk 0 Windows 7 default MBR code
19:58:25.474 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:58:25.503 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
19:58:25.531 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
19:58:25.602 Disk 0 scanning C:\Windows\system32\drivers
19:58:40.563 Service scanning
19:59:13.703 Modules scanning
19:59:13.721 Disk 0 trace - called modules:
19:59:13.749 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:59:14.091 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068ea060]
19:59:14.102 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004dbc050]
19:59:15.779 AVAST engine scan C:\Windows
19:59:20.513 AVAST engine scan C:\Windows\system32
20:03:23.571 AVAST engine scan C:\Windows\system32\drivers
20:03:41.059 AVAST engine scan C:\Users\Sarah and Stu
20:37:04.947 AVAST engine scan C:\ProgramData
20:39:34.817 Scan finished successfully
20:39:56.366 Disk 0 MBR has been saved successfully to "C:\Users\Sarah and Stu\Desktop\MBR.dat"
20:39:56.429 The log file has been saved successfully to "C:\Users\Sarah and Stu\Desktop\aswMBR.txt"

3. Farbar Service Scanner log.

Farbar Service Scanner Version: 30-04-2012 01
Ran by Sarah and Stu (administrator) on 08-05-2012 at 20:40:37
Running from "C:\Users\Sarah and Stu\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

4. OTL.txt & Extras.txt logs.

OTL logfile created on: 5/8/2012 8:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sarah and Stu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.84% Memory free
7.71 Gb Paging File | 4.57 Gb Available in Paging File | 59.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 227.40 Gb Free Space | 50.46% Space Free | Partition Type: NTFS
Drive E: | 962.02 Mb Total Space | 367.30 Mb Free Space | 38.18% Space Free | Partition Type: FAT

Computer Name: ACERLAPTOP | User Name: Sarah and Stu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 20:41:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah and Stu\Downloads\OTL.exe
PRC - [2012/05/08 20:40:25 | 000,337,573 | ---- | M] () -- C:\Users\Sarah and Stu\Downloads\FSS.exe
PRC - [2012/05/08 19:50:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Sarah and Stu\Downloads\aswMBR.exe
PRC - [2012/05/08 11:02:39 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 17:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 13:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/20 11:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/05/09 18:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/03/18 04:35:23 | 002,025,336 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2011/01/19 00:22:46 | 001,028,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/01/19 00:22:46 | 000,313,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/19 00:22:46 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/12/23 04:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 04:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 14:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/14 14:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/27 14:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/29 12:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/09 01:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 20:40:25 | 000,337,573 | ---- | M] () -- C:\Users\Sarah and Stu\Downloads\FSS.exe
MOD - [2012/04/28 16:24:23 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/28 16:24:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/04/28 16:24:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/04/28 16:24:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2012/04/28 16:24:12 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll
MOD - [2012/04/28 16:24:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/28 16:24:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/28 16:23:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/04/28 16:23:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/04/28 16:23:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/04/28 16:23:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/05 13:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/05/20 11:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/11/21 00:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/21 00:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/12 11:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV:64bit: - [2011/03/02 16:00:38 | 000,111,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV:64bit: - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV:64bit: - [2011/03/02 15:46:34 | 000,228,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV:64bit: - [2011/03/02 15:46:28 | 000,079,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2010/10/30 06:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 12:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/06/26 15:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2012/05/08 12:03:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/03/18 04:35:23 | 002,025,336 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2011/02/24 03:56:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/20 18:23:22 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/01/19 00:22:46 | 000,313,424 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/12/23 04:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/23 04:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/14 14:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 01:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xyoakpyy.sys -- (xyoakpyy)
DRV:64bit: - [2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dxrgvpig.sys -- (dxrgvpig)
DRV:64bit: - [2012/05/07 23:38:31 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\qdhuigqk.sys -- (qdhuigqk)
DRV:64bit: - [2012/04/13 23:07:16 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/10 02:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/01 18:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 21:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 21:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/12/08 16:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 16:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 16:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/11/12 10:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/10/07 09:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011/09/28 16:03:12 | 000,071,168 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 18:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 18:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 13:33:12 | 000,063,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2011/01/20 18:23:50 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 10:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/16 15:42:08 | 000,035,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2010/12/12 16:43:54 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/12/12 04:12:54 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2010/12/12 04:12:50 | 000,067,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010/12/02 18:36:04 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/11/21 01:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 22:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/22 15:37:54 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010/10/20 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/30 17:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 17:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/30 01:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/09 15:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/20 14:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/29 13:53:42 | 000,079,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus) LinkECU USB driver (WDM)
DRV:64bit: - [2007/04/09 09:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2012/03/10 02:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=625675ed0000000000008a9ffaa30287
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enNZ448
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=625675ed0000000000008a9ffaa30287&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 16:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/26 20:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah and Stu\AppData\Roaming\Mozilla\Extensions
[2012/04/04 20:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\searchplugins\askcom.xml
[2011/05/26 20:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/20 16:52:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/02/11 07:41:55 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/05 18:42:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 16:52:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\Toolbar\ShellBrowser: (no name) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - No CLSID value found.
O3 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe (Acer)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: 25308200.sys - Driver
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 25308200.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Roaming\GlarySoft
[2012/05/08 20:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/05/08 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012/05/08 19:42:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{83A33EEF-C27F-4841-A4DA-C8737A34B122}
[2012/05/08 19:42:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{D35CE6DA-F4CA-4012-B896-876F5986327F}
[2012/05/08 17:27:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarah and Stu\Desktop\dds.scr
[2012/05/08 10:14:36 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xyoakpyy.sys
[2012/05/07 23:39:07 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxrgvpig.sys
[2012/05/07 23:38:27 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qdhuigqk.sys
[2012/05/07 22:59:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/07 20:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 20:20:11 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{2199B0C3-0551-4778-A062-C6F523023A6E}
[2012/05/07 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{15F5CCBB-8073-42FB-BD9B-7B6D521290EC}
[2012/05/05 12:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{B19EAA99-699A-4AA3-9555-A5E38306F284}
[2012/05/05 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{65D77053-E496-45D1-A2FA-7EAB310A9DEF}
[2012/05/05 09:11:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntcyhlrp.sys
[2012/05/03 22:44:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Roaming\Malwarebytes
[2012/05/03 22:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/03 22:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/03 22:43:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/03 22:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/03 22:38:18 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cmusjqhb.sys
[2012/05/03 20:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/03 20:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/03 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{F5B0998B-7FAB-4771-8681-F10F791AB125}
[2012/05/03 20:10:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{EF673401-C6AE-4845-BD7B-97C5DADB5466}
[2012/05/02 19:55:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{5397D8BF-7522-4E68-A3A2-8BB33E7F6912}
[2012/05/02 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{DADAB31F-EE1E-4F34-978D-AE16B632362F}
[2012/05/01 18:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/29 10:00:29 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/28 18:28:30 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{2AAE75F5-9110-40BD-82FD-B2F8940D7E56}
[2012/04/28 18:28:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{5360C377-7A9B-4895-BA00-3DCF5858ECA2}
[2012/04/26 21:28:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{3B5E97F8-89E1-4302-A00E-74C0B3428C92}
[2012/04/26 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{8F642709-F5E2-4504-B390-49D8C9D00676}
[2012/04/25 22:10:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/04/25 22:10:08 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/04/25 20:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{D228159B-14EF-445E-8DF9-5CA9A9CAF538}
[2012/04/25 20:51:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{6FF39063-AF05-4830-A171-CA676E820587}
[2012/04/19 22:43:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{F673290E-A3EB-4749-A5C0-F52AB4508AF0}
[2012/04/19 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{00941849-2C3F-49AB-812B-15262FC0C3AF}
[2012/04/18 21:31:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\Desktop\Zeitgeist
[2012/04/18 21:24:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\Desktop\The Social Network (2010)
[2012/04/18 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{894D359A-2817-4F66-A6A5-EE1D888960AC}
[2012/04/18 17:33:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{440E30F7-14F1-43B8-8C9C-2B7A5B474E91}
[2012/04/17 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{AA7BD459-7E58-4754-8FB7-15C95B0A607C}
[2012/04/17 21:09:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{D8499B77-F564-4596-AA30-787FC673D0E6}
[2012/04/16 23:02:12 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/16 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{7F9BE7A7-ED8A-4CA8-9647-C0F2C6EA2267}
[2012/04/16 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{0EB04CB4-69B6-4198-8AEC-F2D26C6EC1EC}
[2012/04/15 21:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/04/15 19:02:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{2B6209C9-52EA-47C8-A6C9-6283718ABF42}
[2012/04/15 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{10D688F1-D967-4150-B44F-C25AA43AFA13}
[2012/04/15 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{333E3C01-FA3F-428A-A8D7-792995983CE6}
[2012/04/15 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{469DD1CF-F78B-499B-9CA5-73B5FAABC76D}
[2012/04/15 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{AADCCFD2-D93D-4093-BDCA-30C4BE51FCDE}
[2012/04/13 23:07:19 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2342.dll
[2012/04/13 23:07:18 | 000,509,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/04/13 23:07:18 | 000,380,928 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/04/13 23:07:18 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/04/13 23:07:18 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/04/13 23:07:18 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/04/13 23:07:18 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/04/13 23:07:18 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/04/13 23:07:18 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/04/13 23:07:18 | 000,167,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/04/13 23:07:17 | 000,418,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/04/13 23:07:17 | 000,335,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/04/13 23:07:17 | 000,288,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/04/13 23:07:17 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/04/13 23:07:17 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/04/13 23:07:17 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/04/13 23:07:17 | 000,239,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/04/13 23:07:17 | 000,142,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/04/13 23:07:17 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/04/13 23:07:17 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/04/13 23:07:17 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/04/13 23:07:17 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/04/13 23:07:16 | 012,262,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/04/13 23:07:14 | 019,592,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2012/04/13 23:07:13 | 014,294,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2012/04/13 23:07:13 | 004,370,456 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/04/13 23:07:13 | 000,391,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/04/13 23:07:13 | 000,144,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/04/12 20:14:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 20:14:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 20:14:06 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 20:14:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 20:14:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 20:14:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 20:14:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 20:14:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 20:14:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 20:14:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 20:14:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{03B0AF45-ABA8-4BB6-BD56-857DD5B65744}
[2012/04/12 20:08:10 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 20:08:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 20:08:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 20:02:37 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 20:02:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 20:02:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{C45298C0-9875-4FF6-83F6-C10DE11458DB}
[2012/04/10 20:42:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{E4C068F6-5BFE-4416-8544-94F4D13238E2}
[2012/04/09 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{0E141853-419B-4BB9-94D3-5BD5ABBF1627}
[2011/05/23 11:39:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah and Stu\AppData\Local\cscript.exe
[2011/05/23 11:39:49 | 000,127,232 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah and Stu\AppData\Local\osppc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 20:39:56 | 000,000,512 | ---- | M] () -- C:\Users\Sarah and Stu\Desktop\MBR.dat
[2012/05/08 20:21:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/05/08 20:15:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 20:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 19:51:45 | 000,726,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 19:51:45 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 19:51:45 | 000,111,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 17:29:59 | 000,128,659 | ---- | M] () -- C:\Users\Sarah and Stu\Desktop\Attach.zip
[2012/05/08 17:26:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarah and Stu\Desktop\dds.scr
[2012/05/08 17:22:48 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/05/08 15:15:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 12:03:24 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/08 12:03:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/08 12:02:20 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xyoakpyy.sys
[2012/05/08 10:13:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 23:45:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:45:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxrgvpig.sys
[2012/05/07 23:38:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qdhuigqk.sys
[2012/05/07 23:36:34 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 23:27:11 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/07 21:25:09 | 000,000,000 | ---- | M] () -- C:\Users\Sarah and Stu\defogger_reenable
[2012/05/05 16:45:20 | 000,002,040 | -H-- | M] () -- C:\Users\Sarah and Stu\Documents\Default.rdp
[2012/05/05 09:11:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntcyhlrp.sys
[2012/05/03 22:43:44 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 22:40:19 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cmusjqhb.sys
[2012/05/03 20:17:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/03 20:17:03 | 000,732,672 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/29 10:01:23 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/04/23 10:49:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/18 07:57:08 | 000,002,044 | ---- | M] () -- C:\Users\Sarah and Stu\Desktop\Work PC.RDP
[2012/04/13 23:07:19 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2342.dll
[2012/04/13 23:07:19 | 000,013,488 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/04/13 23:07:18 | 009,014,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/04/13 23:07:18 | 000,963,116 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/04/13 23:07:18 | 000,963,116 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/04/13 23:07:18 | 000,509,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/04/13 23:07:18 | 000,380,928 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/04/13 23:07:18 | 000,287,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/04/13 23:07:18 | 000,287,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/04/13 23:07:18 | 000,287,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/04/13 23:07:18 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/04/13 23:07:18 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/04/13 23:07:18 | 000,285,696 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/04/13 23:07:18 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/04/13 23:07:18 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/04/13 23:07:18 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/04/13 23:07:18 | 000,167,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/04/13 23:07:18 | 000,062,464 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/04/13 23:07:17 | 007,473,664 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/04/13 23:07:17 | 005,692,416 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/04/13 23:07:17 | 000,575,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/04/13 23:07:17 | 000,418,840 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/04/13 23:07:17 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/04/13 23:07:17 | 000,335,872 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/04/13 23:07:17 | 000,288,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/04/13 23:07:17 | 000,285,184 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/04/13 23:07:17 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/04/13 23:07:17 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/04/13 23:07:17 | 000,239,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/04/13 23:07:17 | 000,216,876 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/04/13 23:07:17 | 000,216,876 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/04/13 23:07:17 | 000,142,848 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/04/13 23:07:17 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/04/13 23:07:17 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/04/13 23:07:17 | 000,122,368 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/04/13 23:07:17 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/04/13 23:07:17 | 000,024,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/04/13 23:07:17 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/04/13 23:07:16 | 012,262,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/04/13 23:07:16 | 007,386,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/04/13 23:07:16 | 006,068,736 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/04/13 23:07:15 | 019,592,704 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2012/04/13 23:07:14 | 014,294,016 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2012/04/13 23:07:13 | 004,370,456 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/04/13 23:07:13 | 000,391,704 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/04/13 23:07:13 | 000,179,736 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2012/04/13 23:07:13 | 000,144,896 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/04/13 23:07:13 | 000,109,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 20:39:56 | 000,000,512 | ---- | C] () -- C:\Users\Sarah and Stu\Desktop\MBR.dat
[2012/05/08 20:21:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/05/08 17:29:58 | 000,128,659 | ---- | C] () -- C:\Users\Sarah and Stu\Desktop\Attach.zip
[2012/05/07 21:25:09 | 000,000,000 | ---- | C] () -- C:\Users\Sarah and Stu\defogger_reenable
[2012/05/03 22:43:44 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 20:17:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/03 20:17:05 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/29 10:17:36 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/29 10:01:23 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/04/18 07:57:08 | 000,002,044 | ---- | C] () -- C:\Users\Sarah and Stu\Desktop\Work PC.RDP
[2012/04/13 23:07:19 | 000,013,488 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/04/13 23:07:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/04/13 23:07:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/04/13 23:07:17 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/04/13 23:07:17 | 000,216,876 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/04/13 23:07:17 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/04/13 23:07:13 | 000,179,736 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/04/04 21:45:19 | 000,732,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/14 21:52:02 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/28 20:45:08 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2012/01/22 18:35:22 | 000,397,312 | ---- | C] () -- C:\Program Files\projectGSCresUS.dll
[2012/01/22 18:35:22 | 000,393,216 | ---- | C] () -- C:\Program Files\projectGSCresJP.dll
[2012/01/22 18:35:22 | 000,385,024 | ---- | C] () -- C:\Program Files\projectGSC.exe
[2012/01/22 18:35:22 | 000,135,194 | ---- | C] () -- C:\Program Files\gsc01.p
[2012/01/22 18:35:22 | 000,011,124 | ---- | C] () -- C:\Program Files\GSC_SW.DAT
[2012/01/22 18:35:22 | 000,009,515 | ---- | C] () -- C:\Program Files\PR_kPa_table.def
[2012/01/22 18:35:22 | 000,005,448 | ---- | C] () -- C:\Program Files\GSC_DEF.DEF
[2012/01/22 18:35:22 | 000,004,824 | ---- | C] () -- C:\Program Files\gsc_scale.def
[2012/01/22 18:35:22 | 000,004,094 | ---- | C] () -- C:\Program Files\USER_W.BIN
[2011/11/29 15:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 15:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 15:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 15:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 15:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/27 18:59:26 | 000,003,584 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 22:14:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/25 13:50:04 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/06/17 10:01:18 | 000,000,400 | ---- | C] () -- C:\Windows\g_nhqnsp699.ini
[2011/06/17 10:01:18 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bhtrugl164.dat
[2011/05/26 20:04:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/23 11:39:50 | 002,945,485 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\tokensall.dat
[2011/05/23 11:39:50 | 000,052,704 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\regall.reg
[2011/05/23 11:39:50 | 000,032,256 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\instsrv.exe
[2011/05/23 11:39:49 | 000,151,552 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\KMService.exe
[2011/05/23 11:39:49 | 000,143,360 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\PortQry.exe
[2011/05/23 11:39:49 | 000,049,377 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\ospp.vbs
[2011/05/23 11:39:49 | 000,033,019 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\slerror.xml
[2011/05/23 11:39:49 | 000,014,176 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\ospprearm.exe
[2011/05/23 11:39:49 | 000,008,192 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\srvany.exe
[2011/05/23 11:39:49 | 000,001,012 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\service.inf
[2011/05/23 11:39:49 | 000,000,796 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\hs_message.vbs
[2011/05/23 11:39:49 | 000,000,148 | ---- | C] () -- C:\Users\Sarah and Stu\AppData\Local\DisableService.reg
[2011/01/27 16:29:59 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/01/27 15:44:45 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/10 02:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) -- C:\Windows\system32\drivers\AnyDVD.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/28 15:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/28 15:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\system64\drivers\afd.sys
[2011/12/28 15:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 16:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/25 14:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 11:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 16:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 21:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 14:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/28 15:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/25 15:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 14:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 18:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 17:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 13:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 17:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/18 07:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 17:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 18:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 18:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 18:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 00:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 22:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/18 07:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 22:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/21 01:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/18 07:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 22:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 13:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/18 07:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 18:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 22:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 21:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 21:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\system64\drivers\netbt.sys
[2010/11/20 21:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/14 11:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: TDX.SYS >
[2009/07/14 11:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 21:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 21:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\system64\drivers\tdx.sys
[2010/11/20 21:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/21 01:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/21 01:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 01:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\drivers\volsnap.sys
[2010/11/21 01:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 01:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/14 13:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 13:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 13:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/14 13:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 13:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 13:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 13:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/18 07:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/18 07:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/22 19:46:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/22 19:46:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/22 19:46:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/22 19:46:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/22 19:46:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/20 16:52:52 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/20 16:52:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/22 19:46:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/22 19:46:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/22 19:46:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/22 19:46:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/22 19:46:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >

OTL Extras logfile created on: 5/8/2012 8:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sarah and Stu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.84% Memory free
7.71 Gb Paging File | 4.57 Gb Available in Paging File | 59.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 227.40 Gb Free Space | 50.46% Space Free | Partition Type: NTFS
Drive E: | 962.02 Mb Total Space | 367.30 Mb Free Space | 38.18% Space Free | Partition Type: FAT

Computer Name: ACERLAPTOP | User Name: Sarah and Stu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0233A507-B381-4869-BCF7-668C98797F81}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B29A1DF-1268-436C-9FF2-EBF9B23C78A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{18D92E0D-707B-4F3B-ADCF-7140C66F5CA0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1D188E08-9DA2-4363-9777-A20902096078}" = rport=10243 | protocol=6 | dir=out | app=system |
"{26766AF3-E8F5-41B6-B30B-9C9A24E2CB0E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{286479AE-ABCA-4D9A-B9D5-6B06818C32C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{3597B9E3-90C6-4F19-8F65-0ECF8EA37882}" = rport=138 | protocol=17 | dir=out | app=system |
"{45E838E1-E2A9-4A8A-8EDE-820778CF138C}" = rport=137 | protocol=17 | dir=out | app=system |
"{4758146A-67B1-4FF6-A935-0652CD0E900D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C1BA76C-A209-41F5-8FF4-65A5EE5DEA6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CFA80AC-B039-4A7A-A671-141FAFC04FE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{536C7E15-DC5B-4BAC-943C-666AE05F7644}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58166EE0-6A85-4705-AD0F-6FCEEB67B8EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59B643B1-1BC5-48EF-B64D-D14A75C9A9CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BD16477-F0A6-4849-B483-F0AC02216BE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64123065-C7C5-4FB9-9FE8-A8BEB6D68A6D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{64F87436-8B94-4719-B19C-004D3E03C105}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{845429FF-0CC7-414E-A7E9-46D07AF191BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{849129B5-5102-4F57-A71A-90C44DBD99D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{910711D6-096F-4DE0-960E-0394B4A1EC38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9268A161-4964-441A-9BDF-3E0FAF27C501}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A36E86E2-BEA0-4770-BD3D-6A6672298A04}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFE1B814-BAF2-4849-9090-3716F966E981}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4CCA0FB-8B96-4C21-8350-4AD9E14C041C}" = lport=137 | protocol=17 | dir=in | app=system |
"{C66B0056-5B9F-47B1-BD43-1D3F441C4DCB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2C64367-301D-46C6-8688-1495E0D2129C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DB019821-2240-46AC-854C-EDD7BC0DBFDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD380A80-C91C-45C3-826A-912A9A167A48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4833739-E330-4B15-8E7D-D5B7DFC51F00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7D1E3C9-FA56-4150-98F1-65B14334A430}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED833DFD-D61C-4DF2-B0BB-66804B568DC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8193A65-61D7-4F7E-B0FA-17ACFAAC6D62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC02F214-EE61-4392-BC72-9A197507B6CE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FDF77BF3-C964-468C-B465-72F14941D901}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E7CAEF-3414-4F11-BCE0-25430006E4A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{062F4C29-0453-41D2-82F2-B86DD10AAE53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{0C6738C1-7287-418B-BD73-9D84925933B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D09E43-16D1-4433-96C6-4F3B3D83F8C2}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{2359454A-642A-460B-B980-EAAEA69D5754}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{24B2E0F2-1E03-4FD4-A999-4A431D0335B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2738821A-55A6-41AC-AAE7-3B895CC4C269}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{283D174C-CE45-4075-BC46-55A8AB834547}" = protocol=6 | dir=out | app=system |
"{2A06192F-1D00-4E15-AD29-846D20D9ADE4}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{2AB84144-AE2D-4F5C-9127-C84F688213DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D52F53A-A78D-44CA-BF77-B94B7A17F0CE}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{2F8F3E11-87D8-4874-A2B7-C8C04F60899D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{321CF9FA-32D7-4FB9-862A-D181AC469C48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{326B2BC5-C60E-41E0-A6A7-007511E99FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3BAE7BF6-72BB-4793-BA7A-7D0D561865C6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3E28A425-D958-492A-A4C1-A67389377E2C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{40E5065C-8154-471E-8505-B9ABA48D6331}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{4149EDCE-6D30-4961-9797-058E5D0C1D58}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{42D31C44-F1E3-411C-BE58-BF43873CAA9F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{48204C71-5396-4D13-A407-F10B1BB63C14}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{49BA54F0-AA2C-4E22-ACD4-B17C7ED2780B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{521F55A9-A3B8-42FE-ACE1-9607087B1D79}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{561206EB-389E-41BE-ADD7-C7D4515BD575}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5FE9E572-DA0E-4FC4-ABF3-5EB6E3D2D656}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6010FD88-0538-4E39-8685-579374960410}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65E512CE-6269-406A-B949-4D141E4CB93B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6FD3B954-8F5B-42F2-9A99-AC676006119F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70444213-718E-43CD-8B52-7A920B93587B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{76460B92-DCE5-4B36-9F51-FCDF312533C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{813EFEBF-0D11-4347-9B79-917DE6E9850D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{848E07DB-B979-46A0-8FB0-9C4270362AD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8966D650-7B7D-4F07-8335-87C4BDE459DB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{8B39B2C4-5803-4EF2-A903-141541633CB7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92977DB4-0F41-4C13-BF28-C0BF884B0722}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9469D696-5E78-4698-9E0A-9AEF67E4E063}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9673759D-E839-43E6-9691-2A9BE80073C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9D2C9F45-0A1F-4D36-BC30-CC2749BCEE31}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{A7B6B823-06B9-4282-AE8F-6CC717597508}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAD03E5E-9325-4747-8505-84AAE34026BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB01BC9B-08C6-4B57-870F-1B756F9548F1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B8CB71D2-1D65-4AE0-85D9-9781AA0CD71E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCDBE41D-8A7A-4CCD-B056-F8A630A12ADF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD2EA765-9B5D-47DD-88C2-C8D155EE0726}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C43FE66D-739D-4BA6-BA9C-36B3D4BF5D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C57EF161-911C-498B-A5D6-D81E2C6C284D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8CC7AFA-BAB4-45E5-AD02-D3505D0B6F69}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{D05CF1F1-D5A4-4402-B832-EBACFF2FD336}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2198674-7F26-4F7A-A4B3-B8892930DC4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D9FB3452-8408-40FC-A04D-D88914360CAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC2E4067-E5F5-4EE9-A215-D2356B948982}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC5BA378-AE98-4633-AB2C-C95229DE1664}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E67A9C5D-6F90-4122-A72F-A0BEAD4D81F7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{E9233BD4-B9FA-43A3-8926-E7A76DC09811}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{EA9D3036-9268-4670-A163-0EF76380B9C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFB81BE1-03F7-4605-8357-09FF475A3451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0D04E20-658C-4D0A-B7FA-CC9781F09722}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F889D376-FC45-49DD-9FB0-2087F2473097}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{FC6EA212-1DA4-493A-94E1-7889DE93AFAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFD1DE78-55F1-491E-BC96-5FC830B845E4}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1E4D639-4A33-4314-809E-89BD0EF48522}" = Windows Home Server 2011 Connector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{08D53B43-AB77-4895-B148-A5E7DC5DAC3D}" = TouchCopy 09
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{14B3BDE8-4F26-4E92-8F70-5EE35F47CC01}" = GReddy e-manage support tool
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{15203AF1-DC07-4351-8139-B8A0A4FEF230}" = Haltech ECU Manager 1.10.2
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}" = Rhinoceros 4.0 SR5b
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F106CD7D-B16E-448A-8465-089C556355BC}" = TouchCopy 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"AnyDVD" = AnyDVD
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Glary Utilities_is1" = Glary Utilities 2.44.0.1450
"HandBrake" = HandBrake 0.9.6
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{14B3BDE8-4F26-4E92-8F70-5EE35F47CC01}" = GReddy e-manage support tool
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"LINKCOMM&12B8&EC60" = LinkECU USB (Driver Removal)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"PCLink_is1" = PCLink V3.40
"Picasa 3" = Picasa 3
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SLABCOMM&12B8&EC60" = Link ECU (Driver Removal)
"TeamViewer 5" = TeamViewer 5
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"TUMONZ Tide Viewer" = TUMONZ Tide Viewer
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

5. An update on how your computer is currently running.
Actually not too bad. It seems to have normal responsiveness and no program issues that I've come across yet (fingers crossed).

I'm actually fascinated at this level of information, very interesting stuff.

Thanks again
Stu

#4 KiwiStu

Posted 08 May 2012 - 04:31 AM

Apologies! I'm not sure why the above posted more than once - I had a look but couldn't figure out how to delete the extra posts.

#5 jgweed

Posted 08 May 2012 - 07:40 AM

Just so you both know, I have removed post #4 that was the duplicate.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#6 SweetTech

Posted 08 May 2012 - 07:42 AM

Hi Stu!

Hello ST, and thanks for taking the time to look into my issue, much appreciated believe me!

Not a problem! :)

I guess my only major concern is regarding the other computers in my network - should I be concerned about them as well? Admittedly this laptop is the main 'day to day' machine, the others are a media centre and a home server which get little use.

If you didn't transfer any files between the other computers, then I wouldn't worry about them too much at the moment, unless they are showing signs of an infection.

It looks like this infection has corrupted some data in your registry. We'll need to address this a little later.



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xyoakpyy.sys -- (xyoakpyy)
    DRV:64bit: - [2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dxrgvpig.sys -- (dxrgvpig)
    DRV:64bit: - [2012/05/07 23:38:31 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\qdhuigqk.sys -- (qdhuigqk)
    IE - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\Toolbar\ShellBrowser: (no name) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - No CLSID value found.
    O3 - HKU\S-1-5-21-1081352181-3879122560-2544038368-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (Reg Error: Key error.)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
    O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
    [2012/05/08 10:14:36 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xyoakpyy.sys
    [2012/05/07 23:39:07 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxrgvpig.sys
    [2012/05/07 23:38:27 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qdhuigqk.sys
    [2012/05/05 09:11:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntcyhlrp.sys
    [2012/05/03 22:38:18 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cmusjqhb.sys
    [2012/04/18 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{894D359A-2817-4F66-A6A5-EE1D888960AC}
    [2012/04/18 17:33:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{440E30F7-14F1-43B8-8C9C-2B7A5B474E91}
    [2012/04/17 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{AA7BD459-7E58-4754-8FB7-15C95B0A607C}
    [2012/04/17 21:09:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{D8499B77-F564-4596-AA30-787FC673D0E6}
    [2012/04/16 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{7F9BE7A7-ED8A-4CA8-9647-C0F2C6EA2267}
    [2012/04/16 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{0EB04CB4-69B6-4198-8AEC-F2D26C6EC1EC}
    [2012/04/15 19:02:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{2B6209C9-52EA-47C8-A6C9-6283718ABF42}
    [2012/04/15 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{10D688F1-D967-4150-B44F-C25AA43AFA13}
    [2012/04/15 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{333E3C01-FA3F-428A-A8D7-792995983CE6}
    [2012/04/15 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{469DD1CF-F78B-499B-9CA5-73B5FAABC76D}
    [2012/04/15 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{AADCCFD2-D93D-4093-BDCA-30C4BE51FCDE}
    [2012/04/12 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{03B0AF45-ABA8-4BB6-BD56-857DD5B65744}
    [2012/04/11 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{C45298C0-9875-4FF6-83F6-C10DE11458DB}
    [2012/04/10 20:42:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{E4C068F6-5BFE-4416-8544-94F4D13238E2}
    [2012/04/09 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{0E141853-419B-4BB9-94D3-5BD5ABBF1627}
    [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xyoakpyy.sys
    [2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxrgvpig.sys
    [2012/05/07 23:38:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qdhuigqk.sys
    [2012/05/07 23:27:11 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/05/05 09:11:31 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntcyhlrp.sys
    [2012/05/03 22:40:19 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cmusjqhb.sys
    [2012/04/29 10:17:36 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
    :Files
    C:\Users\Sarah and Stu\AppData\Local\{D35CE6DA-F4CA-4012-B896-876F5986327F}
    C:\Users\Sarah and Stu\AppData\Local\{83A33EEF-C27F-4841-A4DA-C8737A34B122}
    C:\Users\Sarah and Stu\AppData\Local\{2199B0C3-0551-4778-A062-C6F523023A6E}
    C:\Users\Sarah and Stu\AppData\Local\{15F5CCBB-8073-42FB-BD9B-7B6D521290EC}
    C:\Users\Sarah and Stu\AppData\Local\{B19EAA99-699A-4AA3-9555-A5E38306F284}
    C:\Users\Sarah and Stu\AppData\Local\{65D77053-E496-45D1-A2FA-7EAB310A9DEF}
    C:\Users\Sarah and Stu\AppData\Local\{F5B0998B-7FAB-4771-8681-F10F791AB125} 
    C:\Users\Sarah and Stu\AppData\Local\{EF673401-C6AE-4845-BD7B-97C5DADB5466} 
    C:\Users\Sarah and Stu\AppData\Local\{5397D8BF-7522-4E68-A3A2-8BB33E7F6912} 
    C:\Users\Sarah and Stu\AppData\Local\{DADAB31F-EE1E-4F34-978D-AE16B632362F} 
    C:\Users\Sarah and Stu\AppData\Local\{2AAE75F5-9110-40BD-82FD-B2F8940D7E56} 
    C:\Users\Sarah and Stu\AppData\Local\{5360C377-7A9B-4895-BA00-3DCF5858ECA2} 
    C:\Users\Sarah and Stu\AppData\Local\{3B5E97F8-89E1-4302-A00E-74C0B3428C92} 
    C:\Users\Sarah and Stu\AppData\Local\{8F642709-F5E2-4504-B390-49D8C9D00676} 
    C:\Users\Sarah and Stu\AppData\Local\{D228159B-14EF-445E-8DF9-5CA9A9CAF538} 
    C:\Users\Sarah and Stu\AppData\Local\{6FF39063-AF05-4830-A171-CA676E820587} 
    C:\Users\Sarah and Stu\AppData\Local\{F673290E-A3EB-4749-A5C0-F52AB4508AF0} 
    C:\Users\Sarah and Stu\AppData\Local\{00941849-2C3F-49AB-812B-15262FC0C3AF}
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
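
The drivers named in the OTL fix script above share a pattern: eight-letter random names, a "Microsoft Corporation" vendor string, one identical file size, and timestamps clustered in the days before the scan. The Python triage helper below is an added example, not part of this thread or of the OTL tool: it parses OTL DRV and file-listing lines and scores each .sys entry on those three signals. The sample input is the five driver entries from the fix above plus one constructed benign entry (tcpipreg.sys with a made-up size and timestamp); the 7-day window and score threshold are assumptions chosen for this example.

```python
"""Triage helper for driver entries in an OTL log (added example; not from the
thread above or from the OTL tool).

Scores each .sys file on three signals seen in this thread's fix script:
an eight-letter random-looking name, a byte size shared with other such
drivers, and a timestamp close to the newest entry in the log.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class DriverEntry(NamedTuple):
    path: str         # full path as OTL prints it
    size: int         # bytes, parsed from the zero-padded "000,050,000" field
    vendor: str       # text in parentheses after the timestamp block
    stamp: datetime   # the C (created) or M (modified) time on that line


# Matches both OTL line shapes that carry a driver path, e.g.
#   DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\...\xyoakpyy.sys -- (xyoakpyy)
#   [2012/05/05 09:11:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\...\ntcyhlrp.sys
_ENTRY = re.compile(
    r"^(?:DRV(?::64bit:)?\s*-\s*)?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-\w]{4}) \| (?P<kind>[CM])\]"
    r"\s*\((?P<vendor>[^)]*)\)"
    r".*?--\s*(?P<path>[A-Za-z]:\\\S+?\.sys)\b"
)


def parse_entries(lines: List[str]) -> List[DriverEntry]:
    """Return one DriverEntry per line that has a timestamp block, a vendor and a .sys path."""
    entries = []
    for line in lines:
        m = _ENTRY.match(line.strip())
        if m is None:
            continue  # directories, registry lines and other OTL output are not driver files
        entries.append(DriverEntry(
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            vendor=m.group("vendor"),
            stamp=datetime.strptime(f"{m.group('date')} {m.group('time')}", "%Y/%m/%d %H:%M:%S"),
        ))
    return entries


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(lines: List[str], recent_days: int = 7, min_score: int = 2) -> Dict[str, int]:
    """Score each distinct driver path and return {path: score} for scores >= min_score.

    One point each for:
      * a basename of exactly eight lowercase letters (the pattern in this thread);
      * a byte size shared by at least one other random-named driver in the log;
      * a newest timestamp within recent_days of the newest timestamp in the log.
    A legitimate driver that merely has an eight-letter name scores 1 unless it also
    shares a size with another such file or was written recently.
    """
    entries = parse_entries(lines)
    if not entries:
        return {}
    # The DRV line and the created/modified lines for one file collapse into one record.
    records: Dict[str, List[DriverEntry]] = defaultdict(list)
    for e in entries:
        records[e.path.lower()].append(e)

    def random_named(recs: List[DriverEntry]) -> bool:
        return re.fullmatch(r"[a-z]{8}\.sys", _basename(recs[0].path)) is not None

    size_counts = Counter(recs[0].size for recs in records.values() if random_named(recs))
    newest = max(e.stamp for e in entries)
    cutoff = newest - timedelta(days=recent_days)

    flagged: Dict[str, int] = {}
    for recs in records.values():
        score = 0
        if random_named(recs):
            score += 1
            if size_counts[recs[0].size] > 1:
                score += 1
        if max(r.stamp for r in recs) >= cutoff:
            score += 1
        if score >= min_score:
            flagged[recs[0].path] = score
    return flagged


# Sample input: the five driver entries from this thread's OTL fix script, one of its
# directory lines (ignored by the parser), and one CONSTRUCTED benign control entry
# (tcpipreg.sys; its size and timestamp are made up for this example).
SAMPLE_LINES = [
    r"DRV:64bit: - [2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\xyoakpyy.sys -- (xyoakpyy)",
    r"DRV:64bit: - [2012/05/07 23:39:10 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dxrgvpig.sys -- (dxrgvpig)",
    r"[2012/05/07 23:38:27 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qdhuigqk.sys",
    r"[2012/05/05 09:11:22 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntcyhlrp.sys",
    r"[2012/05/03 22:38:18 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cmusjqhb.sys",
    r"[2012/05/08 10:14:36 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xyoakpyy.sys",
    r"[2012/04/18 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah and Stu\AppData\Local\{894D359A-2817-4F66-A6A5-EE1D888960AC}",
    r"DRV:64bit: - [2009/07/14 01:52:20 | 000,189,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)",
]

if __name__ == "__main__":
    for path, score in sorted(triage(SAMPLE_LINES).items()):
        print(f"{score}  {path}")
```

The control entry shows why a single signal is not enough: tcpipreg.sys has an eight-letter name but an old timestamp and a unique size, so it stays below the threshold.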


#7 SweetTech

Posted 08 May 2012 - 07:42 AM

Thanks jgweed :thumbsup:



#8 KiwiStu

Posted 09 May 2012 - 02:40 PM

Hi ST,

Sorry for the delay in reply - I've been having a couple of problems.

I ran the OTL Fix, which asked for a reboot once completed; however, when trying to start up, a startup recovery repair tool starts and the only way to get the system live again is to complete a system restore. Will the work that the OTL fix has completed be undone?

Thanks
Stu

#9 SweetTech

Posted 10 May 2012 - 01:51 AM

Stu,

Sorry to hear that! This is related to trying to remove the infection.

Do you have access to a flash drive that we can utilize?

Running FRST

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Let me know if you're able to complete the above.

-ST.



#10 KiwiStu

KiwiStu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 10 May 2012 - 03:23 AM

Hi ST,

Here's the log from FRST:

Scan result of Farbar Recovery Scan Tool Version: 09-05-2012
Ran by SYSTEM at 10-05-2012 20:08:24
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11725928 2010-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-01-19] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-01-19] (Atheros Commnucations)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-07-31] (Microsoft Corporation)
HKLM\...\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart [1096576 2012-01-11] (Microsoft Corporation)
HKLM\...\Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe -r [2280992 2010-02-09] (Acer)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2012-04-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2012-04-13] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2012-04-13] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-25] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [296984 2012-01-04] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1028688 2011-01-18] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-05-08] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-25] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2009-06-25] (WDC)
HKLM-x32\...\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-19] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-04] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-03] (Malwarebytes Corporation)
HKU\Sarah and Stu\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-09-19] (Nero AG)
HKU\Sarah and Stu\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-03] ()
HKU\Sarah and Stu\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [954256 2012-04-03] (Samsung)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-19] (Atheros Commnucations)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [313424 2011-01-18] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868224 2010-10-29] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 HealthAlertsSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientAlertServiceConfig" [30592 2011-03-01] (Microsoft Corporation)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 initMonitor; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientSystemServiceConfig" [30592 2011-03-01] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-03] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-25] (Microsoft Corporation)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-19] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [382248 2007-09-19] (Nero AG)
2 NotificationsProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientLocalServiceConfig" [30592 2011-03-01] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-04] (NTI Corporation)
2 providers_system; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientSystemServiceConfig" [30592 2011-03-01] (Microsoft Corporation)
2 SqmProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\SqmServiceConfig" [30592 2011-03-01] (Microsoft Corporation)
2 TeamViewer5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2025336 2011-03-17] (TeamViewer GmbH)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)
2 WDBtnMgrSvc.exe; "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [119296 2009-06-25] (WDC)
2 WSS_ComputerBackupProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\BackupClientConfig" [30592 2011-03-01] (Microsoft Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-09] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-09] (SlySoft, Inc.)
3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67112 2010-12-11] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2010-12-11] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [35368 2010-12-15] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [85544 2010-12-11] (Broadcom Corporation)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-01-19] (Atheros)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-17] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-17] (FTDI Ltd.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12262336 2012-04-13] (Intel Corporation)
3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
1 kzuykgyp; C:\Windows\System32\Drivers\kzuykgyp.sys [50000 2012-05-09] (Microsoft Corporation)
3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-11] (Belcarra Technologies)
1 lhpuatme; C:\Windows\System32\Drivers\lhpuatme.sys [50000 2012-05-09] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-03] (Malwarebytes Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-09] (Apple Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
1 qubebspu; C:\Windows\System32\Drivers\qubebspu.sys [50000 2012-05-09] (Microsoft Corporation)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [152064 2011-10-06] (Prolific Technology Inc.)
3 silabenm; C:\Windows\System32\Drivers\silabenm.sys [27336 2010-10-21] (Silicon Laboratories)
3 silabser; C:\Windows\System32\Drivers\silabser.sys [71168 2011-09-27] (Silicon Laboratories)
3 slabbus; C:\Windows\System32\Drivers\slabbus.sys [79872 2007-05-28] (MCCI Corporation)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-12-07] (MCCI Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [12288 2007-04-08] (Waytech Development, Inc.)
1 ygsesycd; C:\Windows\System32\Drivers\ygsesycd.sys [50000 2012-05-09] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: aswrdr
NETSVC: vmnetuserif

============ One Month Created Files and Folders ==============

2012-05-10 20:08 - 2012-05-10 20:08 - 0000000 ____D C:\FRST
2012-05-10 00:04 - 2012-05-10 00:04 - 1387251 ____A C:\Users\Sarah and Stu\Downloads\FRST64.exe
2012-05-10 00:02 - 2012-05-10 00:03 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\Mem Stick
2012-05-09 14:47 - 2012-05-09 14:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ygsesycd.sys
2012-05-09 14:16 - 2012-05-09 14:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lhpuatme.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qubebspu.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzuykgyp.sys
2012-05-09 11:31 - 2012-05-09 11:31 - 0000000 ____D C:\Windows\system64
2012-05-09 02:28 - 2012-05-09 02:28 - 0000000 ____D C:\_OTL
2012-05-08 00:53 - 2012-05-08 00:53 - 0202614 ____A C:\Users\Sarah and Stu\Downloads\OTL.Txt
2012-05-08 00:53 - 2012-05-08 00:53 - 0063924 ____A C:\Users\Sarah and Stu\Downloads\Extras.Txt
2012-05-08 00:41 - 2012-05-08 00:41 - 0003666 ____A C:\Users\Sarah and Stu\Desktop\FSS 8-5-12.txt
2012-05-08 00:40 - 2012-05-08 00:40 - 0003666 ____A C:\Users\Sarah and Stu\Desktop\FSS.txt
2012-05-08 00:39 - 2012-05-08 00:39 - 0001930 ____A C:\Users\Sarah and Stu\Desktop\aswMBR.txt
2012-05-08 00:39 - 2012-05-08 00:39 - 0000512 ____A C:\Users\Sarah and Stu\Desktop\MBR.dat
2012-05-08 00:25 - 2012-05-10 00:03 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\GlarySoft
2012-05-08 00:21 - 2012-05-09 22:13 - 0000000 ____D C:\Program Files (x86)\Glary Utilities
2012-05-07 23:10 - 2012-05-07 23:38 - 85205930 ____A C:\Users\Sarah and Stu\Downloads\'American.Dad.S07E17.HDTV.x264-LOL.mp4'
2012-05-07 23:06 - 2012-05-07 23:08 - 67996604 ____A C:\Users\Sarah and Stu\Downloads\fg.s10e20.480ph.x264-m.u34093.RMTeam.rar
2012-05-07 22:33 - 2012-05-07 23:24 - 91878405 ____A C:\Users\Sarah and Stu\Downloads\ts.s23e20.480ph.x264-m.u34071.RMTeam.rar
2012-05-07 21:29 - 2012-05-07 21:36 - 0032445 ____A C:\Users\Sarah and Stu\Desktop\DDS.txt
2012-05-07 21:29 - 2012-05-07 21:29 - 10339653 ____A C:\Users\Sarah and Stu\Desktop\Attach.txt
2012-05-07 21:29 - 2012-05-07 21:29 - 0128659 ____A C:\Users\Sarah and Stu\Desktop\Attach.zip
2012-05-07 03:38 - 2012-05-07 11:36 - 0138658 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_23.38.52_log.txt
2012-05-07 03:33 - 2012-05-07 03:35 - 0140944 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_23.33.41_log.txt
2012-05-07 03:02 - 2012-05-07 03:01 - 0036160 ____A C:\Users\Sarah and Stu\Downloads\kiwi.png
2012-05-07 02:59 - 2012-05-10 00:03 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-07 02:58 - 2012-05-07 03:03 - 0140202 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_22.58.34_log.txt
2012-05-07 02:57 - 2012-05-07 02:58 - 2055783 ____A C:\Users\Sarah and Stu\Downloads\tdsskiller.zip
2012-05-07 02:24 - 2012-05-07 02:24 - 0000488 ____A C:\Users\Sarah and Stu\Desktop\defogger_disable.log
2012-05-07 01:25 - 2012-05-07 01:25 - 0000000 ____A C:\Users\Sarah and Stu\defogger_reenable
2012-05-07 00:30 - 2012-05-07 00:30 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-07 00:16 - 2012-05-07 00:18 - 0138626 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_20.16.00_log.txt
2012-05-07 00:15 - 2012-05-10 00:31 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\tdsskiller
2012-05-04 13:11 - 2012-05-04 13:11 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntcyhlrp.sys
2012-05-03 02:44 - 2012-05-03 02:44 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 02:43 - 2012-05-10 00:00 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-03 02:43 - 2012-05-10 00:00 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-03 02:43 - 2012-05-03 02:43 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-03 02:43 - 2012-05-03 02:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 02:43 - 2012-04-03 19:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-03 02:38 - 2012-05-03 02:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmusjqhb.sys
2012-05-03 00:17 - 2012-05-03 00:17 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-03 00:17 - 2012-05-03 00:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-03 00:16 - 2012-05-03 00:17 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-01 02:46 - 2012-05-01 02:46 - 4406431 ____A C:\Users\Sarah and Stu\Desktop\COKE Happiness Truck Post analysis Jan - Mar 12 v2.pptx
2012-05-01 02:26 - 2012-05-01 02:32 - 6561357 ____A C:\Users\Sarah and Stu\Desktop\COKE Summer Post analysis Jan - Mar 12 v1.pptx
2012-05-01 00:54 - 2012-05-01 02:01 - 0745104 ____A C:\Users\Sarah and Stu\Desktop\PO Tracker Apr V1.xlsx
2012-04-30 23:37 - 2012-04-30 23:37 - 0228700 ____A C:\Users\Sarah and Stu\Downloads\AVImedic.zip
2012-04-30 23:37 - 2012-04-30 23:37 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AVImedic
2012-04-28 16:40 - 2012-04-28 16:40 - 2135728 ____A C:\Users\Sarah and Stu\Downloads\installspeedfan446.exe
2012-04-28 14:17 - 2012-05-09 11:32 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-28 14:01 - 2012-04-28 14:01 - 0000040 ___SH C:\Users\All Users\.zreglib
2012-04-28 14:01 - 2012-04-28 14:01 - 0000040 ___SH C:\ProgramData\.zreglib
2012-04-28 13:52 - 2012-04-28 14:00 - 0280877 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD+7.0.3.0+HD+Key+++crack+++keygen.zip
2012-04-28 13:42 - 2012-04-28 13:43 - 5541030 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_HD_6.6.2.3__Setup___Registration_Key.zip
2012-04-28 13:29 - 2012-04-28 13:29 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova
2012-04-28 13:27 - 2012-04-28 13:28 - 10195665 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova.rar
2012-04-27 19:46 - 2012-04-27 19:46 - 0090097 ____A C:\Users\Sarah and Stu\Downloads\M2N_QVL.zip
2012-04-27 12:37 - 2012-04-27 12:38 - 12621696 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\mseinstall.exe
2012-04-27 12:00 - 2012-04-27 12:00 - 0262680 ____A C:\Users\Sarah and Stu\Downloads\dotnetfx_cleanup_tool.zip
2012-04-27 12:00 - 2012-04-27 12:00 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\dotnetfx_cleanup_tool
2012-04-27 11:55 - 2012-04-27 11:56 - 2744944 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\NDP40-KB2656351-x64.exe
2012-04-27 11:54 - 2012-04-27 11:55 - 9557608 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\NDP40-KB2656351-IA64.exe
2012-04-25 02:10 - 2012-02-24 01:14 - 0203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-04-25 02:10 - 2012-02-24 01:14 - 0099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-04-22 14:51 - 2012-04-22 14:51 - 0000092 ____A C:\Users\Sarah and Stu\AppData\default.pls
2012-04-18 01:31 - 2012-04-18 01:31 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\Zeitgeist
2012-04-18 01:24 - 2012-04-18 01:29 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\The Social Network (2010)
2012-04-17 11:57 - 2012-04-17 11:57 - 0002044 ____A C:\Users\Sarah and Stu\Desktop\Work PC.RDP
2012-04-17 02:10 - 2012-04-17 02:11 - 80090551 ____A C:\Users\Sarah and Stu\Downloads\How.I.Met.Your.Mother.S07E21.480p.HDTV.X264-DIMENSION.mkv
2012-04-16 03:02 - 2012-05-09 15:02 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-16 01:18 - 2012-04-16 02:06 - 85041314 ____A C:\Users\Sarah and Stu\Downloads\The.Simpsons.S23E18.480p.HDTV.x264-mSD.mkv
2012-04-16 01:17 - 2012-04-16 01:19 - 58361095 ____A C:\Users\Sarah and Stu\Downloads\sp.s16e05.480ph.x264-m.u29910.RMTeam.rar
2012-04-13 03:07 - 2012-04-13 03:07 - 4370456 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 19592704 ____A (Intel Corporation) C:\Windows\System32\ig4icd64.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 14294016 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 12262336 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-04-13 03:07 - 2012-04-13 03:07 - 0963116 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0963116 ____A C:\Windows\System32\igkrng600.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0509976 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0418840 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0391704 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0380928 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0335872 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0288768 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285184 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285184 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0283648 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0283136 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0282624 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0282624 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0239128 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0216876 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0216876 ____A C:\Windows\System32\igfcg600m.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0179736 ____A C:\Windows\System32\difx64.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0167960 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0144896 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0142848 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-04-13 03:07 - 2012-04-13 03:07 - 0122368 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2342.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0024576 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0013488 ____A C:\Windows\System32\iglhxs64.vp
2012-04-13 03:07 - 2012-04-13 03:07 - 0004096 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-04-12 00:14 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-12 00:14 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-12 00:14 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-12 00:14 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-12 00:14 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-12 00:14 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-12 00:14 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-12 00:14 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 00:14 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-12 00:14 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-12 00:14 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-12 00:14 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-12 00:14 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-12 00:14 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-12 00:14 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-12 00:14 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-12 00:14 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-12 00:14 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-12 00:14 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-12 00:14 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-12 00:14 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-12 00:14 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-12 00:14 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-12 00:14 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-12 00:14 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 00:13 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-12 00:08 - 2012-03-05 22:53 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-12 00:08 - 2012-03-05 21:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-12 00:08 - 2012-03-05 21:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-12 00:02 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-12 00:02 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 00:02 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-12 00:02 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 00:02 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 00:02 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 00:02 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 01:25 - 2012-04-10 04:59 - 573166933 ____A C:\Users\Sarah and Stu\Downloads\true.blood.s03e01.dvdrip.xvid.reward (1).avi
2012-04-10 01:04 - 2012-04-10 01:09 - 143078494 ____A C:\Users\Sarah and Stu\Downloads\The.Big.Bang.Theory.S05E21.HDTV.x264-LOL.mp4
2012-04-10 01:02 - 2012-04-10 04:07 - 565923908 ____A C:\Users\Sarah and Stu\Downloads\Community.S03E14.720p.HDTV.X264-DIMENSION.mkv
2012-04-10 01:01 - 2012-04-10 02:09 - 121770615 ____A C:\Users\Sarah and Stu\Downloads\two.and.a.half.men.920.hdtv-lol.mp4
2012-04-10 01:00 - 2012-04-10 01:06 - 172964218 ____A C:\Users\Sarah and Stu\Downloads\how.i.met.your.mother.720.hdtv-lol.mp4

============ 3 Months Modified Files and Folders =============

2012-05-10 20:08 - 2012-05-10 20:08 - 0000000 ____D C:\FRST
2012-05-10 00:32 - 2011-11-18 12:13 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-10 00:32 - 2011-01-26 20:46 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-10 00:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-10 00:31 - 2012-05-07 00:15 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\tdsskiller
2012-05-10 00:31 - 2012-04-06 11:02 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Microsoft_Corporation
2012-05-10 00:31 - 2011-08-10 00:11 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-05-10 00:31 - 2011-05-21 21:22 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\PowerCinema
2012-05-10 00:31 - 2011-01-26 20:47 - 0000000 ____D C:\Users\All Users\BackupManager
2012-05-10 00:31 - 2011-01-26 20:47 - 0000000 ____D C:\ProgramData\BackupManager
2012-05-10 00:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-10 00:05 - 2011-05-22 16:43 - 0000000 ____D C:\Users\Sarah and Stu\PST Files
2012-05-10 00:05 - 2011-02-23 07:40 - 2016096 ____A C:\Windows\WindowsUpdate.log
2012-05-10 00:04 - 2012-05-10 00:04 - 1387251 ____A C:\Users\Sarah and Stu\Downloads\FRST64.exe
2012-05-10 00:04 - 2009-07-13 21:13 - 0726826 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-10 00:03 - 2012-05-10 00:02 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\Mem Stick
2012-05-10 00:03 - 2012-05-08 00:25 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\GlarySoft
2012-05-10 00:03 - 2012-05-07 02:59 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-10 00:02 - 2012-04-03 22:59 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-10 00:02 - 2009-07-13 20:51 - 0110479 ____A C:\Windows\setupact.log
2012-05-10 00:01 - 2011-07-30 04:22 - 0000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-05-10 00:00 - 2012-05-03 02:43 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-10 00:00 - 2012-05-03 02:43 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-09 23:15 - 2011-09-06 00:07 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-09 22:13 - 2012-05-08 00:21 - 0000000 ____D C:\Program Files (x86)\Glary Utilities
2012-05-09 19:15 - 2011-09-06 00:07 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-09 15:03 - 2012-04-03 22:58 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-09 15:03 - 2011-05-26 00:08 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-09 15:02 - 2012-04-16 03:02 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-09 14:47 - 2012-05-09 14:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ygsesycd.sys
2012-05-09 14:16 - 2012-05-09 14:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lhpuatme.sys
2012-05-09 14:14 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-09 14:14 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-09 14:13 - 2011-02-23 07:52 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-05-09 14:13 - 2011-02-23 07:52 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qubebspu.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzuykgyp.sys
2012-05-09 11:36 - 2011-05-22 12:06 - 0000000 ____D C:\Users\All Users\clear.fi
2012-05-09 11:36 - 2011-05-22 12:06 - 0000000 ____D C:\ProgramData\clear.fi
2012-05-09 11:33 - 2011-05-21 21:22 - 0000000 ____D C:\users\Sarah and Stu
2012-05-09 11:32 - 2012-04-28 14:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-09 11:31 - 2012-05-09 11:31 - 0000000 ____D C:\Windows\system64
2012-05-09 11:31 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-09 11:30 - 2011-02-23 07:37 - 3104722944 __ASH C:\hiberfil.sys
2012-05-09 11:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-09 02:28 - 2012-05-09 02:28 - 0000000 ____D C:\_OTL
2012-05-08 22:49 - 2011-05-25 23:40 - 0002040 ___AH C:\Users\Sarah and Stu\Documents\Default.rdp
2012-05-08 22:49 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-05-08 00:53 - 2012-05-08 00:53 - 0202614 ____A C:\Users\Sarah and Stu\Downloads\OTL.Txt
2012-05-08 00:53 - 2012-05-08 00:53 - 0063924 ____A C:\Users\Sarah and Stu\Downloads\Extras.Txt
2012-05-08 00:41 - 2012-05-08 00:41 - 0003666 ____A C:\Users\Sarah and Stu\Desktop\FSS 8-5-12.txt
2012-05-08 00:40 - 2012-05-08 00:40 - 0003666 ____A C:\Users\Sarah and Stu\Desktop\FSS.txt
2012-05-08 00:39 - 2012-05-08 00:39 - 0001930 ____A C:\Users\Sarah and Stu\Desktop\aswMBR.txt
2012-05-08 00:39 - 2012-05-08 00:39 - 0000512 ____A C:\Users\Sarah and Stu\Desktop\MBR.dat
2012-05-08 00:27 - 2011-05-21 21:24 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\Macromedia
2012-05-08 00:25 - 2012-03-05 22:47 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\Dora The Explorer
2012-05-07 23:42 - 2011-05-22 16:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Windows Live
2012-05-07 23:42 - 2011-05-22 16:10 - 0000000 ____D C:\Users\Sarah and Stu\Tracing
2012-05-07 23:38 - 2012-05-07 23:10 - 85205930 ____A C:\Users\Sarah and Stu\Downloads\'American.Dad.S07E17.HDTV.x264-LOL.mp4'
2012-05-07 23:24 - 2012-05-07 22:33 - 91878405 ____A C:\Users\Sarah and Stu\Downloads\ts.s23e20.480ph.x264-m.u34071.RMTeam.rar
2012-05-07 23:20 - 2012-03-19 19:46 - 0000000 ____D C:\Program Files (x86)\ImgBurn
2012-05-07 23:20 - 2012-02-10 11:47 - 0000000 ____D C:\Program Files (x86)\Total Video Converter
2012-05-07 23:20 - 2011-09-27 01:38 - 0000000 ____D C:\Program Files (x86)\Wide Angle Software
2012-05-07 23:20 - 2011-06-16 00:18 - 0000000 ____D C:\Program Files\Western Digital
2012-05-07 23:20 - 2011-01-26 20:29 - 0000000 ____D C:\Program Files (x86)\Acer GameZone
2012-05-07 23:20 - 2011-01-26 20:28 - 0000000 ____D C:\Program Files (x86)\eSobi
2012-05-07 23:20 - 2011-01-26 20:20 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-07 23:08 - 2012-05-07 23:06 - 67996604 ____A C:\Users\Sarah and Stu\Downloads\fg.s10e20.480ph.x264-m.u34093.RMTeam.rar
2012-05-07 22:09 - 2012-03-25 21:30 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\Chw7
2012-05-07 22:09 - 2011-03-18 18:58 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\Robokill2LeviathanFive
2012-05-07 22:09 - 2011-01-26 20:37 - 0000000 ____D C:\Users\All Users\McAfee
2012-05-07 22:09 - 2011-01-26 20:37 - 0000000 ____D C:\ProgramData\McAfee
2012-05-07 21:36 - 2012-05-07 21:29 - 0032445 ____A C:\Users\Sarah and Stu\Desktop\DDS.txt
2012-05-07 21:29 - 2012-05-07 21:29 - 10339653 ____A C:\Users\Sarah and Stu\Desktop\Attach.txt
2012-05-07 21:29 - 2012-05-07 21:29 - 0128659 ____A C:\Users\Sarah and Stu\Desktop\Attach.zip
2012-05-07 12:13 - 2012-01-31 01:13 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\ElevatedDiagnostics
2012-05-07 11:36 - 2012-05-07 03:38 - 0138658 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_23.38.52_log.txt
2012-05-07 03:35 - 2012-05-07 03:33 - 0140944 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_23.33.41_log.txt
2012-05-07 03:03 - 2012-05-07 02:58 - 0140202 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_22.58.34_log.txt
2012-05-07 03:01 - 2012-05-07 03:02 - 0036160 ____A C:\Users\Sarah and Stu\Downloads\kiwi.png
2012-05-07 02:58 - 2012-05-07 02:57 - 2055783 ____A C:\Users\Sarah and Stu\Downloads\tdsskiller.zip
2012-05-07 02:24 - 2012-05-07 02:24 - 0000488 ____A C:\Users\Sarah and Stu\Desktop\defogger_disable.log
2012-05-07 01:25 - 2012-05-07 01:25 - 0000000 ____A C:\Users\Sarah and Stu\defogger_reenable
2012-05-07 00:30 - 2012-05-07 00:30 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-07 00:18 - 2012-05-07 00:16 - 0138626 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_20.16.00_log.txt
2012-05-04 13:11 - 2012-05-04 13:11 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntcyhlrp.sys
2012-05-03 21:39 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-03 02:44 - 2012-05-03 02:44 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 02:43 - 2012-05-03 02:43 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-03 02:43 - 2012-05-03 02:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 02:40 - 2012-05-03 02:38 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmusjqhb.sys
2012-05-03 00:17 - 2012-05-03 00:17 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-03 00:17 - 2012-05-03 00:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-03 00:17 - 2012-05-03 00:16 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-03 00:17 - 2012-04-04 01:45 - 0732672 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-01 02:46 - 2012-05-01 02:46 - 4406431 ____A C:\Users\Sarah and Stu\Desktop\COKE Happiness Truck Post analysis Jan - Mar 12 v2.pptx
2012-05-01 02:32 - 2012-05-01 02:26 - 6561357 ____A C:\Users\Sarah and Stu\Desktop\COKE Summer Post analysis Jan - Mar 12 v1.pptx
2012-05-01 02:01 - 2012-05-01 00:54 - 0745104 ____A C:\Users\Sarah and Stu\Desktop\PO Tracker Apr V1.xlsx
2012-05-01 00:16 - 2011-11-05 16:33 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\vlc
2012-04-30 23:37 - 2012-04-30 23:37 - 0228700 ____A C:\Users\Sarah and Stu\Downloads\AVImedic.zip
2012-04-30 23:37 - 2012-04-30 23:37 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AVImedic
2012-04-30 23:06 - 2011-05-24 00:10 - 1182720 __ASH C:\Users\Sarah and Stu\Thumbs.db
2012-04-28 16:40 - 2012-04-28 16:40 - 2135728 ____A C:\Users\Sarah and Stu\Downloads\installspeedfan446.exe
2012-04-28 14:01 - 2012-04-28 14:01 - 0000040 ___SH C:\Users\All Users\.zreglib
2012-04-28 14:01 - 2012-04-28 14:01 - 0000040 ___SH C:\ProgramData\.zreglib
2012-04-28 14:00 - 2012-04-28 13:52 - 0280877 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD+7.0.3.0+HD+Key+++crack+++keygen.zip
2012-04-28 13:43 - 2012-04-28 13:42 - 5541030 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_HD_6.6.2.3__Setup___Registration_Key.zip
2012-04-28 13:29 - 2012-04-28 13:29 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova
2012-04-28 13:28 - 2012-04-28 13:27 - 10195665 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova.rar
2012-04-27 19:46 - 2012-04-27 19:46 - 0090097 ____A C:\Users\Sarah and Stu\Downloads\M2N_QVL.zip
2012-04-27 19:38 - 2011-02-23 07:37 - 0023802 ____A C:\Windows\PFRO.log
2012-04-27 12:38 - 2012-04-27 12:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\mseinstall.exe
2012-04-27 12:28 - 2011-05-21 21:22 - 0000000 ____D C:\Users\Sarah and Stu\AppData\LocalLow
2012-04-27 12:09 - 2011-12-15 01:30 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Samsung
2012-04-27 12:00 - 2012-04-27 12:00 - 0262680 ____A C:\Users\Sarah and Stu\Downloads\dotnetfx_cleanup_tool.zip
2012-04-27 12:00 - 2012-04-27 12:00 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\dotnetfx_cleanup_tool
2012-04-27 11:56 - 2012-04-27 11:55 - 2744944 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\NDP40-KB2656351-x64.exe
2012-04-27 11:55 - 2012-04-27 11:54 - 9557608 ____A (Microsoft Corporation) C:\Users\Sarah and Stu\Downloads\NDP40-KB2656351-IA64.exe
2012-04-24 11:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-22 19:11 - 2011-05-21 23:34 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\Skype
2012-04-22 15:04 - 2011-06-14 01:31 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\HandBrake
2012-04-22 14:51 - 2012-04-22 14:51 - 0000092 ____A C:\Users\Sarah and Stu\AppData\default.pls
2012-04-22 14:49 - 2011-06-27 02:14 - 0000069 ____A C:\Windows\NeroDigital.ini
2012-04-22 01:18 - 2009-07-13 21:08 - 0032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-20 14:26 - 2011-06-14 01:20 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\DVD's
2012-04-20 14:24 - 2011-03-17 18:44 - 0000000 ____D C:\Users\Sarah and Stu\Car Stuff
2012-04-18 01:31 - 2012-04-18 01:31 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\Zeitgeist
2012-04-18 01:29 - 2012-04-18 01:24 - 0000000 ____D C:\Users\Sarah and Stu\Desktop\The Social Network (2010)
2012-04-17 11:57 - 2012-04-17 11:57 - 0002044 ____A C:\Users\Sarah and Stu\Desktop\Work PC.RDP
2012-04-17 02:11 - 2012-04-17 02:10 - 80090551 ____A C:\Users\Sarah and Stu\Downloads\How.I.Met.Your.Mother.S07E21.480p.HDTV.X264-DIMENSION.mkv
2012-04-16 02:06 - 2012-04-16 01:18 - 85041314 ____A C:\Users\Sarah and Stu\Downloads\The.Simpsons.S23E18.480p.HDTV.x264-mSD.mkv
2012-04-16 01:19 - 2012-04-16 01:17 - 58361095 ____A C:\Users\Sarah and Stu\Downloads\sp.s16e05.480ph.x264-m.u29910.RMTeam.rar
2012-04-15 01:09 - 2011-09-06 00:07 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Google
2012-04-15 01:09 - 2011-09-06 00:07 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-14 23:00 - 2011-02-23 07:54 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-13 23:14 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-13 20:33 - 2011-11-20 23:42 - 0000000 ____D C:\Link V4
2012-04-13 20:18 - 2011-10-21 00:38 - 0000000 ____D C:\Users\Sarah and Stu\Documents\My Received Files
2012-04-13 03:07 - 2012-04-13 03:07 - 4370456 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 19592704 ____A (Intel Corporation) C:\Windows\System32\ig4icd64.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 14294016 ____A (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 12262336 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-04-13 03:07 - 2012-04-13 03:07 - 0963116 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0963116 ____A C:\Windows\System32\igkrng600.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0509976 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0418840 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0391704 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0380928 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0335872 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0288768 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0287232 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286720 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285696 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285184 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0285184 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0283648 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0283136 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0282624 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0282624 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-04-13 03:07 - 2012-04-13 03:07 - 0239128 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0216876 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0216876 ____A C:\Windows\System32\igfcg600m.bin
2012-04-13 03:07 - 2012-04-13 03:07 - 0179736 ____A C:\Windows\System32\difx64.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0167960 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-04-13 03:07 - 2012-04-13 03:07 - 0144896 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0142848 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-04-13 03:07 - 2012-04-13 03:07 - 0122368 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2342.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0024576 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-04-13 03:07 - 2012-04-13 03:07 - 0013488 ____A C:\Windows\System32\iglhxs64.vp
2012-04-13 03:07 - 2012-04-13 03:07 - 0004096 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 9014784 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 7473664 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 7386624 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 6068736 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 5692416 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 0575488 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 0385024 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 0109056 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 0062464 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-04-13 03:07 - 2011-01-26 19:44 - 0028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-04-12 00:15 - 2011-05-22 12:51 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-12 00:15 - 2011-05-22 12:51 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-12 00:03 - 2011-05-21 23:41 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 04:59 - 2012-04-10 01:25 - 573166933 ____A C:\Users\Sarah and Stu\Downloads\true.blood.s03e01.dvdrip.xvid.reward (1).avi
2012-04-10 04:07 - 2012-04-10 01:02 - 565923908 ____A C:\Users\Sarah and Stu\Downloads\Community.S03E14.720p.HDTV.X264-DIMENSION.mkv
2012-04-10 02:09 - 2012-04-10 01:01 - 121770615 ____A C:\Users\Sarah and Stu\Downloads\two.and.a.half.men.920.hdtv-lol.mp4
2012-04-10 01:09 - 2012-04-10 01:04 - 143078494 ____A C:\Users\Sarah and Stu\Downloads\The.Big.Bang.Theory.S05E21.HDTV.x264-LOL.mp4
2012-04-10 01:06 - 2012-04-10 01:00 - 172964218 ____A C:\Users\Sarah and Stu\Downloads\how.i.met.your.mother.720.hdtv-lol.mp4
2012-04-07 12:19 - 2012-04-07 12:18 - 0002038 ____A C:\Users\Sarah and Stu\Desktop\Homeserver.RDP
2012-04-06 17:23 - 2012-04-06 17:23 - 0110942 ____A C:\Users\Sarah and Stu\Wedding Anniversary Present.jpg
2012-04-06 16:29 - 2011-05-24 01:43 - 0000000 ____D C:\Users\Sarah and Stu\Ethan Kennedy Jones
2012-04-06 15:28 - 2012-04-06 15:23 - 57135739 ____A C:\Users\Sarah and Stu\Downloads\sp.s16e04.480ph.x264-m.u28673.RMTeam.rar
2012-04-06 12:52 - 2012-04-06 12:52 - 0001263 ____A C:\Users\Sarah and Stu\Desktop\Homeserver Folders.lnk
2012-04-04 02:21 - 2012-04-04 02:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{7C8FC616-4C3F-4664-8BE4-2D7588B3DF0B}
2012-04-04 01:47 - 2012-04-04 01:47 - 0000000 ____D C:\Program Files\Windows Server
2012-04-04 01:45 - 2009-07-13 18:34 - 0000877 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-04-03 19:56 - 2012-05-03 02:43 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 10:50 - 2012-04-03 10:49 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{6494DF02-7596-44CB-85AC-DF939BE328F9}
2012-04-03 03:10 - 2012-04-03 00:26 - 40148265 ____A C:\Users\Sarah and Stu\Downloads\ad.s07e16.480ph.x264-m.u28128.RMTeam (1).rar
2012-04-03 02:07 - 2012-04-03 00:24 - 632822459 ____A C:\Users\Sarah and Stu\Downloads\madness.on.wheels.rallyings.craziest.years.ws.pdtv.x264-ftp.mp4
2012-04-03 00:31 - 2012-04-03 00:27 - 53823478 ____A C:\Users\Sarah and Stu\Downloads\fg.s10e18.480ph.x264-m.u28191.RMTeam.rar
2012-04-03 00:29 - 2012-04-03 00:35 - 4310090 ____A C:\Users\Sarah and Stu\IMG_6500.JPG
2012-04-03 00:27 - 2012-04-03 00:27 - 0000087 ____A C:\Users\Sarah and Stu\Downloads\luzwzcaf2c6090e5.js
2012-04-03 00:11 - 2012-04-03 00:15 - 3156669 ____A C:\Users\Sarah and Stu\IMG_6498.JPG
2012-04-02 23:31 - 2012-04-02 23:38 - 3861931 ____A C:\Users\Sarah and Stu\IMG_6495.JPG
2012-04-02 22:49 - 2012-04-02 22:49 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{07853DB8-FCB3-4CA4-8C48-4382B40E41F1}
2012-04-02 00:57 - 2012-04-02 00:55 - 59133415 ____A C:\Users\Sarah and Stu\Downloads\ad.s07e16.480ph.x264-m.u28128.RMTeam.rar
2012-04-02 00:18 - 2012-04-02 00:18 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{5C0C273C-820D-4894-933B-E83A5F56DAF8}
2012-03-29 00:22 - 2012-03-29 00:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{81C5112B-A86B-4463-B0DE-2D5021E1D4F5}
2012-03-27 20:39 - 2012-03-27 20:39 - 12811776 ____A C:\Users\Sarah and Stu\Downloads\DriveBenderWHS v1222.msi
2012-03-27 01:43 - 2012-03-27 01:42 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{D48CBE0E-123A-408F-B2FD-E90DE95D51E4}
2012-03-27 01:42 - 2012-03-27 01:41 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{DBF5220B-59AE-40BF-8255-D384EC8D4781}
2012-03-27 01:35 - 2012-03-27 01:35 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Deployment
2012-03-27 01:35 - 2012-03-27 01:35 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Apps\2.0
2012-03-25 23:51 - 2012-03-25 23:47 - 65176581 ____A C:\Users\Sarah and Stu\Downloads\ad.s07e15.480ph.x264-m.u26936.RMTeam.rar
2012-03-25 23:08 - 2012-03-25 23:08 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{5EAC78C2-C547-4612-A4DC-7F5BB26D8058}
2012-03-25 23:08 - 2012-03-25 23:07 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{F8F4D078-C579-4961-A5C1-F0884654E955}
2012-03-24 22:49 - 2012-03-24 22:49 - 2611485 ____A C:\Users\Sarah and Stu\Downloads\Chw7.rar
2012-03-24 17:33 - 2011-05-24 01:26 - 0000000 ___RD C:\Users\Sarah and Stu\My Pictures
2012-03-23 15:23 - 2011-03-17 18:43 - 0269824 ____A C:\Users\Sarah and Stu\Jones Important Details.xls
2012-03-23 02:36 - 2012-03-23 02:24 - 102019558 ____A C:\Users\Sarah and Stu\Downloads\Community.S03E12.480p.HDTV.x264-mSD (1).mkv
2012-03-22 20:53 - 2012-03-22 20:52 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{93731E66-AC5A-4AF1-B74D-D91BBF3F4EB6}
2012-03-22 20:52 - 2012-03-22 20:52 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{950FCF2F-F261-43A7-8F15-A8E861D26B67}
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-22 01:33 - 2012-03-22 01:32 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{11C87AA8-1741-4B77-A249-3CB7A172A3EC}
2012-03-22 01:32 - 2012-03-22 01:31 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{61B642C6-C187-4EA2-899D-3A5326C2FDD1}
2012-03-22 00:10 - 2011-09-06 00:07 - 0000000 ____D C:\Program Files\Google
2012-03-22 00:07 - 2009-07-13 21:08 - 0000000 ____D C:\users\Administrator
2012-03-22 00:07 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-22 00:05 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-21 23:59 - 2011-08-20 01:31 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\CrashDumps
2012-03-21 23:03 - 2011-09-06 00:07 - 0000000 ____D C:\Users\All Users\Google
2012-03-21 23:03 - 2011-09-06 00:07 - 0000000 ____D C:\ProgramData\Google
2012-03-21 21:49 - 2012-03-21 21:46 - 0000000 ____D C:\Users\Sarah and Stu\Old Laptop
2012-03-20 01:05 - 2012-03-20 01:05 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{D87EA4DA-45C8-4198-9F5C-CEBBF4BFC536}
2012-03-20 01:05 - 2012-03-20 01:05 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{7EE0F08D-8848-437B-9CC2-19E4F1B477C5}
2012-03-20 00:44 - 2012-03-20 00:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 00:44 - 2012-03-20 00:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 00:27 - 2012-03-20 00:26 - 0004764 ____A C:\Users\Sarah and Stu\Documents\SXE10 3sge+t EBlue.GSC
2012-03-19 19:56 - 2012-03-19 19:56 - 0000000 ____D C:\Users\Sarah and Stu\Documents\AnyDVDHD
2012-03-19 19:51 - 2012-03-19 19:51 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AnyDVD---AnyDVD-HD-7.0.2.0-Final-HD-Inc-Trial-Resetter-BssBig
2012-03-19 19:51 - 2012-03-19 19:46 - 10109845 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD---AnyDVD-HD-7.0.2.0-Final-HD-Inc-Trial-Resetter-BssBig.rar
2012-03-19 19:47 - 2012-03-19 19:30 - 99533855 ____A C:\Users\Sarah and Stu\Downloads\Community.S03E11.480p.HDTV.x264-mSD.mkv
2012-03-19 19:39 - 2012-03-19 19:39 - 6055875 ____A (LIGHTNING UK!) C:\Users\Sarah and Stu\Downloads\SetupImgBurn_2.5.6.0.exe
2012-03-19 19:34 - 2012-03-19 19:26 - 76547643 ____A C:\Users\Sarah and Stu\Downloads\Two.and.a.Half.Men.S09E19.480p.HDTV.x264-mSD.mkv
2012-03-19 19:33 - 2012-03-19 19:33 - 0207740 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_HD_v6.8.9.0_Multilingual_WinALL_Cracked_full_version.zip
2012-03-19 18:33 - 2012-03-19 18:33 - 0714648 ____A C:\Users\Sarah and Stu\Downloads\Dell_Client_Management_Pack_v4.1_A00.exe
2012-03-18 22:54 - 2012-03-18 22:54 - 2269883 ____A C:\Users\Sarah and Stu\Downloads\e-Manage Support Tool Manual.pdf
2012-03-18 22:52 - 2012-03-18 22:52 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{0AFA7A21-4CCC-46C2-9922-763CB84583D3}
2012-03-18 22:52 - 2012-03-18 22:51 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{77A54878-1896-4EAF-85FD-FEFCCB18FD13}
2012-03-18 22:42 - 2011-11-26 16:04 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\Help
2012-03-17 23:42 - 2012-03-17 23:42 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{EF0E98B7-F047-48B6-BD19-F3DC49731632}
2012-03-17 23:42 - 2012-03-17 23:42 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{195D1FDD-812E-431C-803A-732F2CAE07BD}
2012-03-17 00:21 - 2012-03-17 00:21 - 0262074 ____A C:\Users\Sarah and Stu\Downloads\LEM V5e install - wire.pdf
2012-03-16 20:41 - 2012-03-16 20:41 - 0000000 ____D C:\Users\All Users\SlySoft
2012-03-16 20:41 - 2012-03-16 20:41 - 0000000 ____D C:\ProgramData\SlySoft
2012-03-16 20:39 - 2012-02-27 19:28 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2012-03-16 20:38 - 2012-03-16 20:38 - 0000000 ____D C:\Program Files (x86)\SlySoft
2012-03-16 20:34 - 2012-03-16 20:34 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{B359E67C-DA2D-4BDF-8A9A-34ADEA1FB148}
2012-03-16 20:34 - 2012-03-16 20:34 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{527BF85B-C355-422F-A735-BD1D83585668}
2012-03-16 17:24 - 2012-03-16 17:24 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{3A3875CD-EF40-4824-8F08-28B7475DA769}
2012-03-16 00:33 - 2012-03-16 00:33 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{CE497BE5-11F4-4260-BAE4-3D2757631611}
2012-03-16 00:33 - 2012-03-16 00:33 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{AD403A10-0372-4915-84FA-880F717C4DDB}
2012-03-15 23:25 - 2012-03-15 23:25 - 0000000 ____D C:\Program Files\DIFX
2012-03-15 23:25 - 2011-02-23 07:48 - 0010064 ____A C:\Windows\DPINST.LOG
2012-03-15 23:24 - 2012-03-15 23:23 - 0000000 ____D C:\Program Files (x86)\LeapFrog
2012-03-15 23:23 - 2012-03-15 23:23 - 0000000 ____D C:\Users\All Users\Leapfrog
2012-03-15 23:23 - 2012-03-15 23:23 - 0000000 ____D C:\ProgramData\Leapfrog
2012-03-14 10:44 - 2009-07-13 20:45 - 0436816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 01:52 - 2012-03-14 01:52 - 0004096 ____A C:\Windows\d3dx.dat
2012-03-14 01:52 - 2012-03-14 01:51 - 0000000 ____D C:\Users\All Users\AirportMania
2012-03-14 01:52 - 2012-03-14 01:51 - 0000000 ____D C:\ProgramData\AirportMania
2012-03-14 00:35 - 2012-03-14 00:35 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{F4E5003A-A5F9-402F-8814-2DA5D09FD7C1}
2012-03-14 00:35 - 2012-03-14 00:35 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{4D9BE8AE-6572-4B31-B848-9F56853B6C7D}
2012-03-12 23:09 - 2012-03-12 23:08 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{E8391DC7-3EBB-4D60-A622-9343190DA417}
2012-03-12 23:08 - 2012-03-12 23:08 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{AA016AA2-0730-4003-8B02-95ACFCEF35B3}
2012-03-12 00:21 - 2012-03-12 00:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{89DE2107-565C-4CAE-A895-6D41E40E4371}
2012-03-12 00:21 - 2012-03-12 00:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{0C20F27E-2AA8-4F92-A6E7-8B8DF5A816E1}
2012-03-09 17:22 - 2012-03-09 17:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{642C4585-FF4E-4155-87FE-C6355AC40C5C}
2012-03-09 17:21 - 2012-03-09 17:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{88FFB658-FFD9-4796-AFDA-166450B52E18}
2012-03-09 06:12 - 2012-03-09 06:12 - 0138360 ____A (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2012-03-09 06:12 - 2012-03-09 06:12 - 0138360 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
2012-03-08 23:11 - 2012-03-08 23:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{6167208A-1B1B-4DF0-BA7C-B97B65DC4DC0}
2012-03-08 23:11 - 2012-03-08 23:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{3F5B77E0-F459-49E8-BD1F-4ACDA7078D05}
2012-03-08 00:11 - 2012-03-08 00:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{93403A94-088B-414B-802A-5D32A77CA111}
2012-03-08 00:11 - 2012-03-08 00:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{87D7F6DB-E71A-45B6-8731-60617AAF9A0B}
2012-03-07 22:50 - 2012-03-07 22:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-07 00:00 - 2012-03-06 23:33 - 15123986 ____A C:\Users\Sarah and Stu\Downloads\A Pocketful Of Stones MP3.mp3
2012-03-06 23:11 - 2012-03-06 23:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{4D05D02A-6BDF-4B2B-AD94-F4493E26A0FC}
2012-03-06 23:11 - 2012-03-06 23:10 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{3906A43C-795B-4F48-A229-E47D89BD153E}
2012-03-05 23:38 - 2011-06-14 01:30 - 0000000 ____D C:\Program Files (x86)\Handbrake
2012-03-05 22:53 - 2012-04-12 00:08 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 22:49 - 2012-03-05 22:49 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{72B5AEA0-79A0-44E1-BF38-50D88A5CE079}
2012-03-05 22:49 - 2012-03-05 22:48 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{7D466BA4-9B0C-4D91-9EBC-E58370E225D6}
2012-03-05 21:59 - 2012-04-12 00:08 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-12 00:08 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 21:09 - 2012-03-05 21:09 - 3119971 ____A C:\Users\Sarah and Stu\Downloads\Forget_About_Me.zip.1i9lkfp.partial
2012-03-05 00:26 - 2012-03-05 00:26 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{48C44B19-4FBC-49F6-B29F-598E280D3353}
2012-03-05 00:26 - 2012-03-05 00:26 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{05468471-8032-438B-BBEA-76B5A91C8A27}
2012-03-04 21:48 - 2012-03-04 21:48 - 0000087 ____A C:\Users\Sarah and Stu\Downloads\w9p3lnxic2cdfe90.js
2012-03-03 19:30 - 2012-03-03 19:30 - 0000000 ____D C:\Program Files (x86)\TRUST
2012-03-03 17:11 - 2012-03-03 17:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{1BF34211-932C-4B64-B9CD-709BB0C67012}
2012-03-03 17:11 - 2012-03-03 17:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{05180A12-18DC-4CEB-BD0B-1C4CE62D5A9B}
2012-02-29 22:46 - 2012-04-12 00:02 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-12 00:02 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-12 00:02 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-12 00:02 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-12 00:02 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-12 00:02 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 00:02 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 06:02 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-02-29 00:18 - 2012-02-29 00:18 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{273F3C92-D798-4616-AC7B-FC1AC239BC4D}
2012-02-29 00:18 - 2012-02-29 00:17 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{10FA9C70-B417-45F2-9F5F-19A352F90AF5}
2012-02-27 23:34 - 2012-04-12 00:14 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-12 00:13 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-12 00:14 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-12 00:14 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-12 00:14 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-12 00:14 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-12 00:14 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-12 00:14 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-12 00:14 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-12 00:14 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-12 00:14 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-12 00:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-12 00:14 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-12 00:14 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-12 00:14 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-12 00:14 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-12 00:14 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-12 00:14 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 00:14 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-12 00:14 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-12 00:14 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 00:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-12 00:14 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-12 00:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 00:14 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 00:14 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 16:54 - 2012-02-27 16:53 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{B224F961-B67B-46C8-AD49-D6828E666D01}
2012-02-27 16:53 - 2012-02-27 16:53 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{5488E92A-2524-439E-AA32-C38CEDC9ACBA}
2012-02-25 18:39 - 2012-02-25 18:39 - 0368915 ____A () C:\Users\Sarah and Stu\Downloads\e-manage149.EXE
2012-02-25 18:39 - 2012-02-25 18:39 - 0368711 ____A () C:\Users\Sarah and Stu\Downloads\e-manage125.EXE
2012-02-25 16:52 - 2012-02-25 16:52 - 0023413 ____A C:\Users\Sarah and Stu\Downloads\3S-GE_Codes_List.pdf
2012-02-25 16:04 - 2012-02-25 16:04 - 0262370 ____A C:\Users\Sarah and Stu\Downloads\3S-GE_ECU_PINOUT.pdf
2012-02-25 16:04 - 2012-02-25 16:04 - 0217046 ____A C:\Users\Sarah and Stu\Downloads\3S-GE_Wiring_Diagram.pdf
2012-02-25 15:36 - 2012-02-25 15:36 - 2483467 ____A C:\Users\Sarah and Stu\Downloads\e-manage_Blue_Install.pdf
2012-02-24 01:14 - 2012-04-25 02:10 - 0203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-02-24 01:14 - 2012-04-25 02:10 - 0099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-02-20 22:45 - 2011-01-26 20:46 - 0000000 ____D C:\Program Files (x86)\NTI
2012-02-20 22:37 - 2011-01-26 20:22 - 0000000 ____D C:\Windows\Downloaded Installations
2012-02-19 21:45 - 2012-02-18 15:07 - 0000193 ____A C:\Users\Sarah and Stu\Downloads\IRT_0501_02 (1).avi
2012-02-18 15:03 - 2012-02-18 15:03 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{9D45683F-1897-4D86-8945-44D55F96480E}
2012-02-18 15:03 - 2012-02-18 15:02 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{373BFC48-1822-48D8-9C05-09ECEB550592}
2012-02-18 15:03 - 2012-02-17 16:53 - 0000193 ____A C:\Users\Sarah and Stu\Downloads\IRT_0501_02.avi
2012-02-17 23:26 - 2012-02-17 23:26 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{C72D2EC4-9B30-4ADA-8BD8-85F55EFC566B}
2012-02-17 23:26 - 2012-02-17 23:26 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{613C8B97-BDAE-48BC-BEAB-67C4E8F414AE}
2012-02-16 22:38 - 2012-03-13 20:19 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 20:19 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 20:19 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 20:19 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 20:52 - 2012-02-16 20:51 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{E0A51BAE-5C29-443B-B00D-5D85A3F4D6C7}
2012-02-16 20:51 - 2012-02-16 20:51 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{E809F063-44A8-41D7-B61F-0284FAE89284}
2012-02-16 01:09 - 2011-01-26 20:37 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 21:42 - 2011-05-21 21:24 - 0000174 ___SH C:\Users\Sarah and Stu\Start Menu\Programs\Startup\desktop.ini
2012-02-15 21:42 - 2011-05-21 21:24 - 0000174 ___SH C:\Users\Sarah and Stu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 23:21 - 2012-02-14 23:21 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{911A0998-BEA7-4D9C-B800-AD71D2D1401C}
2012-02-14 23:21 - 2012-02-14 23:20 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{C5747E6A-60F2-4B17-A0CD-51DCCBFF7741}
2012-02-13 19:50 - 2012-02-13 19:50 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{83C0E08B-95E4-4BA5-ACBA-B843D1B10E94}
2012-02-13 19:50 - 2012-02-13 19:50 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{218A3631-8C8E-4373-8FE8-DAA7282A1CAA}
2012-02-11 18:54 - 2012-02-11 18:54 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{D452C5F3-3CA2-4AA4-BC8D-9D4F866F128E}
2012-02-11 18:54 - 2012-02-11 18:54 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{3734AB3A-118F-43B6-B94F-B3B600008B41}
2012-02-11 16:44 - 2012-02-11 16:44 - 0896059 ____A C:\Users\Sarah and Stu\Moose & Dob Cropped.jpg
2012-02-11 16:43 - 2012-02-08 01:41 - 0896059 ____A C:\Users\Sarah and Stu\IMG_6358.JPG
2012-02-11 13:16 - 2012-02-10 11:21 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-02-11 01:35 - 2011-05-22 13:07 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Roaming\uTorrent

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3947.86 MB
Available physical RAM: 3212.3 MB
Total Pagefile: 3946.01 MB
Available Pagefile: 3196.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:224.2 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 964 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 450 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 450 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 962 MB 1772 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 962 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-08 22:35

======================= End Of Log ==========================

Edited by KiwiStu, 10 May 2012 - 03:24 AM.


#11 SweetTech

Posted 10 May 2012 - 07:22 AM

Hi!

The following should allow you to boot back up again.

Running FRST Fix

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt.

start
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2012-05-09 14:47 - 2012-05-09 14:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ygsesycd.sys
2012-05-09 14:16 - 2012-05-09 14:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lhpuatme.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qubebspu.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzuykgyp.sys
1 kzuykgyp; C:\Windows\System32\Drivers\kzuykgyp.sys [50000 2012-05-09] (Microsoft Corporation)
1 lhpuatme; C:\Windows\System32\Drivers\lhpuatme.sys [50000 2012-05-09] (Microsoft Corporation)
1 qubebspu; C:\Windows\System32\Drivers\qubebspu.sys [50000 2012-05-09] (Microsoft Corporation)
1 ygsesycd; C:\Windows\System32\Drivers\ygsesycd.sys [50000 2012-05-09] (Microsoft Corporation)
2012-05-04 13:11 - 2012-05-04 13:11 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntcyhlrp.sys
2012-05-03 02:38 - 2012-05-03 02:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmusjqhb.sys
2012-04-28 14:17 - 2012-05-09 11:32 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-28 13:52 - 2012-04-28 14:00 - 0280877 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD+7.0.3.0+HD+Key+++crack+++keygen.zip
2012-04-28 13:42 - 2012-04-28 13:43 - 5541030 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_HD_6.6.2.3__Setup___Registration_Key.zip
2012-04-28 13:29 - 2012-04-28 13:29 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova
2012-04-28 13:27 - 2012-04-28 13:28 - 10195665 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_7.0.2.0_-_HD-BR-Final-Nova.rar
2012-05-09 14:47 - 2012-05-09 14:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ygsesycd.sys
2012-05-09 14:16 - 2012-05-09 14:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lhpuatme.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qubebspu.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzuykgyp.sys
2012-05-09 11:32 - 2012-04-28 14:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-04 13:11 - 2012-05-04 13:11 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntcyhlrp.sys
2012-05-03 02:40 - 2012-05-03 02:38 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmusjqhb.sys
2012-03-19 19:51 - 2012-03-19 19:51 - 0000000 ____D C:\Users\Sarah and Stu\Downloads\AnyDVD---AnyDVD-HD-7.0.2.0-Final-HD-Inc-Trial-Resetter-BssBig
2012-03-19 19:51 - 2012-03-19 19:46 - 10109845 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD---AnyDVD-HD-7.0.2.0-Final-HD-Inc-Trial-Resetter-BssBig.rar
2012-03-19 19:33 - 2012-03-19 19:33 - 0207740 ____A C:\Users\Sarah and Stu\Downloads\AnyDVD_HD_v6.8.9.0_Multilingual_WinALL_Cracked_full_version.zip
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.



Please proceed with running the instructions for ComboFix.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
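As an added example for this thread (not code from the poster, from FRST, or from the fix above), the following Python parser reads FRST-style file lines and flags the pattern the fixlist targets: several drivers with random eight-letter names, the same size and the same claimed vendor string. The sample lines are copied from this thread's log, plus one constructed line for tsusbflt.sys (with a made-up size) to show that a legitimately named driver is not flagged; the clustering threshold of two members is my assumption.

```python
"""Flag a cluster of randomly named, same-size drivers in an FRST log.

Added example for this thread; it is not part of FRST or of the thread's
own fix. The clustering rule (two or more random-named drivers sharing one
size and one vendor string) is an assumption of this example, and every
hit still needs a human's review before it goes into a fixlist.
"""
import re
from collections import defaultdict

# One FRST file line: "created - modified - size attrs (vendor) path".
# The vendor group is optional (directory lines have none) and is matched
# lazily so that nested parentheses inside a vendor string still parse.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>.*?)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Eight lowercase letters, no digits or underscores: the naming pattern of
# the rogue drivers listed in the fix above (ygsesycd, lhpuatme, ...).
RANDOM_NAME = re.compile(r"[a-z]{8}\.sys")


def parse_frst_line(line):
    """Return the fields of one FRST file line, or None if it is not one."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["raw"] = line.strip()
    return rec


def looks_random_driver(path):
    """True for a .sys file in a Drivers folder whose stem is 8 random letters."""
    folder, _, name = path.rpartition("\\")
    return folder.lower().endswith("\\drivers") and RANDOM_NAME.fullmatch(name) is not None


def find_driver_clusters(log_text, min_members=2):
    """Group random-named drivers by (size, vendor); keep groups of min_members or more."""
    clusters = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_frst_line(line)
        if rec and looks_random_driver(rec["path"]):
            clusters[(rec["size"], rec["vendor"])].append(rec)
    return {key: recs for key, recs in clusters.items() if len(recs) >= min_members}


def suspect_lines(log_text):
    """The original log lines worth a second look, in log order."""
    flagged = {rec["raw"] for recs in find_driver_clusters(log_text).values() for rec in recs}
    return [line.strip() for line in log_text.splitlines() if line.strip() in flagged]


# Sample input: lines copied from this thread's FRST log, plus one constructed
# line (tsusbflt.sys, made-up size 0054000) that must NOT be flagged.
SAMPLE_LOG = r"""
2012-05-09 14:47 - 2012-05-09 14:47 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ygsesycd.sys
2012-05-09 14:16 - 2012-05-09 14:16 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lhpuatme.sys
2012-05-09 11:37 - 2012-05-09 11:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qubebspu.sys
2012-05-04 13:11 - 2012-05-04 13:11 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntcyhlrp.sys
2012-02-29 22:46 - 2012-04-12 00:02 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-16 20:57 - 2012-03-13 20:19 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-24 01:14 - 2012-04-25 02:10 - 0203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-02-25 18:39 - 2012-02-25 18:39 - 0368915 ____A () C:\Users\Sarah and Stu\Downloads\e-manage149.EXE
2012-03-03 17:11 - 2012-03-03 17:11 - 0000000 ____D C:\Users\Sarah and Stu\AppData\Local\{05180A12-18DC-4CEB-BD0B-1C4CE62D5A9B}
2011-01-26 20:22 - 2011-01-26 20:22 - 0054000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tsusbflt.sys
"""

if __name__ == "__main__":
    for line in suspect_lines(SAMPLE_LOG):
        print(line)
```

Only the four 50000-byte drivers come out; fs_rec.sys and tdtcp.sys fail the name test, and the lone tsusbflt.sys forms no cluster.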


#12 KiwiStu
Topic Starter

Posted 11 May 2012 - 03:15 AM

Hi ST,

Thanks for the FRST fix, it's certainly made a difference; absolutely no problems starting up now.
Is it OK to delete unwanted programs and files while we are sorting things out? I've noticed a whole heap of redundant programs and items that I would like to delete - absolutely no issues waiting till later, however. Overall I've noticed the MSE pop-up is only showing one potential threat now: Program:Win32/CoinMiner. Thanks so much so far!

ComboFix log:

ComboFix 12-05-11.02 - Sarah and Stu 11/05/2012 19:18:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.2208 [GMT 12:00]
Running from: c:\users\Sarah and Stu\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Sarah and Stu\06.jpg
c:\users\Sarah and Stu\07.jpg
c:\users\Sarah and Stu\09.jpg
c:\users\Sarah and Stu\100.txt
c:\users\Sarah and Stu\11.jpg
c:\users\Sarah and Stu\12.jpg
c:\users\Sarah and Stu\13.jpg
c:\users\Sarah and Stu\16.jpg
c:\users\Sarah and Stu\AppData\Local\cscript.exe
c:\users\Sarah and Stu\AppData\Local\DisableService.reg
c:\users\Sarah and Stu\AppData\Local\hs_message.vbs
c:\users\Sarah and Stu\AppData\Local\instsrv.exe
c:\users\Sarah and Stu\AppData\Local\KMService.exe
c:\users\Sarah and Stu\AppData\Local\ospp.vbs
c:\users\Sarah and Stu\AppData\Local\osppc.dll
c:\users\Sarah and Stu\AppData\Local\ospprearm.exe
c:\users\Sarah and Stu\AppData\Local\PortQry.exe
c:\users\Sarah and Stu\AppData\Local\regall.reg
c:\users\Sarah and Stu\AppData\Local\service.inf
c:\users\Sarah and Stu\AppData\Local\slerror.xml
c:\users\Sarah and Stu\AppData\Local\srvany.exe
c:\users\Sarah and Stu\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Sarah and Stu\AppData\Local\Temp\RarSFX2\AppRemover_64.exe
c:\users\Sarah and Stu\AppData\Local\tokensall.dat
c:\users\SARAHA~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\SARAHA~1\AppData\Local\Temp\RarSFX2\AppRemover_64.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
-------\Legacy_SFILTER
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 04:08 . 2012-05-11 04:09 -------- d-----w- C:\FRST
2012-05-10 08:24 . 2012-04-12 13:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E3C2E78-CBDE-4D83-84DC-1C7ABFC49E2C}\mpengine.dll
2012-05-09 19:31 . 2012-05-09 19:31 -------- d-----we c:\windows\system64
2012-05-09 10:28 . 2012-05-09 10:28 -------- d-----w- C:\_OTL
2012-05-08 08:25 . 2012-05-10 08:03 -------- d-----w- c:\users\Sarah and Stu\AppData\Roaming\GlarySoft
2012-05-08 08:21 . 2012-05-10 06:13 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-05-07 10:59 . 2012-05-10 08:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 08:30 . 2012-05-07 08:30 -------- d-----w- c:\program files (x86)\ESET
2012-05-03 10:44 . 2012-05-11 06:38 -------- d-----w- c:\users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 09:44 . 2012-02-09 01:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6868C60A-86D9-4BF9-9073-D2EFB889F5C4}\gapaengine.dll
2012-05-03 08:17 . 2012-05-03 08:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-03 08:16 . 2012-05-03 08:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-25 10:10 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-04-25 10:10 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-04-16 11:02 . 2012-05-10 23:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 08:14 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 08:08 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:08 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:08 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 08:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 23:21 . 2011-05-22 07:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-10 23:02 . 2012-04-04 06:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 23:02 . 2011-05-26 08:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 15:20 . 2011-07-10 20:34 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-13 11:07 . 2011-01-27 03:44 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-04-13 11:07 . 2011-01-27 03:44 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-13 11:07 . 2011-01-27 03:44 7473664 ----a-w- c:\windows\system32\igdumd64.dll
2012-04-13 11:07 . 2011-01-27 03:44 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-04-13 11:07 . 2011-01-27 03:44 385024 ----a-w- c:\windows\system32\igfxdev.dll
2012-04-13 11:07 . 2011-01-27 03:44 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-04-13 11:07 . 2011-01-27 03:44 5692416 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-04-13 11:07 . 2011-01-27 03:44 7386624 ----a-w- c:\windows\system32\igd10umd64.dll
2012-04-13 11:07 . 2011-01-27 03:44 6068736 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-04-13 11:07 . 2011-01-27 03:44 109056 ----a-w- c:\windows\system32\hccutils.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 08:44 . 2012-03-20 08:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 08:44 . 2012-03-20 08:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-08 06:50 . 2012-03-08 06:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-17 06:38 . 2012-03-14 04:19 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:19 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:19 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2006-05-18 04:58 . 2012-01-22 06:35 385024 ----a-w- c:\program files\projectGSC.exe
2004-08-16 05:12 . 2012-01-22 06:35 397312 ----a-w- c:\program files\projectGSCresUS.dll
2004-08-16 05:11 . 2012-01-22 06:35 393216 ----a-w- c:\program files\projectGSCresJP.dll
2001-06-06 04:23 . 2012-01-22 06:35 4094 ----a-w- c:\program files\USER_W.BIN
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-01-18 1028688]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-19 1836328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-11 268640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-01-18 313424]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-11 40832]
S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-03-17 2025336]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 119296]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:02]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 08:07]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 08:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"ALU"="c:\program files\Acer\Acer Updater\ALU.exe" [2010-02-09 2280992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-13 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-13 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-13 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF10820.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vmnetuserif
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=625675ed0000000000008a9ffaa30287&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.hardId - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
AddRemove-LINKCOMM&12B8&EC60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\LINKCOMM&12B8&EC60
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-SLABCOMM&12B8&EC60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&12B8&EC60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-KMCZ-4CQJ-KH7D-M4SF-ENZ8-MPZFKVW"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Completion time: 2012-05-11 19:58:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 07:58
.
Pre-Run: 241,333,084,160 bytes free
Post-Run: 241,416,343,552 bytes free
.
- - End Of File - - 684F8444A3AD4255CD342F3C1ECE28CB

Edited by KiwiStu, 11 May 2012 - 03:22 AM.


#13 SweetTech (Agent ST)

Posted 11 May 2012 - 07:52 AM

Hi Stu!

I'd actually prefer it if you could hold off on doing any uninstalling of programs and removal of files for right now.

Overall I've noticed the MSE pop up is only showing one potential threat now: Program:Win32/CoinMiner.

Does it give you a location for where this threat is being detected?

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Firefox::
FF - ProfilePath - c:\users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=625675ed0000000000008a9ffaa30287&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.hardId - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log.
3. MalwareBytes' Anti-Malware log.
4. ESET Online Virus Scanner log.
5. Security Check log.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
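
The ComboFix log excerpt earlier in the thread and the CFScript this post asks for both use a fixed line format, so the triage can be scripted. The block below is an added example written for this thread; it is not ComboFix's own code and not something the helper posted. It parses a constructed sample (lines copied in shape from the thread's log), splits the R*/S* service entries into those ComboFix could stat and those marked [x], flags the Firefox search-redirect prefs, and drafts the same KillAll::/ClearJavaCache::/Firefox:: block the post tells the user to paste into CFScript.txt. The trusted search hosts and engines, and the rule that every user.js line is suspect, are the example's own assumptions, not DDS or ComboFix logic.

```python
"""Triage a ComboFix/DDS log excerpt and draft the Firefox:: block of a CFScript.

Added example for this thread. Not ComboFix's code; the heuristics below are
assumptions made for illustration, not ComboFix or DDS logic.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines in the shape of the thread's ComboFix log.
SAMPLE_LOG = """\
S2 TeamViewer5;TeamViewer 5;c:\\program files (x86)\\TeamViewer\\Version5\\TeamViewer_Service.exe [2011-03-17 2025336]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\\windows\\system32\\DRIVERS\\b57xdbd.sys [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\\program files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe [x]
FF - ProfilePath - c:\\users\\Sarah and Stu\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\muna5klr.default\\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\]\s*$")
FF_PATH_RE = re.compile(r"^FF - ProfilePath - (.+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$")

# Assumption: what this user's search should point at. DDS/ComboFix only list
# non-default prefs, so anything else steering keyword.URL or the selected
# engine is treated as a hijack candidate. Substring matching is deliberately
# loose for the example; tighten it before relying on it.
TRUSTED_SEARCH_HOSTS = ("google.", "bing.")
TRUSTED_ENGINES = ("Google", "Bing")


def parse_services(text):
    """Return (name, image_path, verified) for each R*/S* service line.

    ComboFix prints the binary's date and size in brackets and [x] when it
    could not read the file at the recorded path. Legitimate drivers in the
    thread's log show [x] too, so it is a triage hint, not a verdict.
    """
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            out.append((m.group(3), m.group(5), m.group(6) != "x"))
    return out


def parse_firefox(text):
    """Return (profile_path, [(file, key, value), ...]) from the FF - lines."""
    profile, prefs = None, []
    for line in text.splitlines():
        m = FF_PATH_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3) or ""))
    return profile, prefs


def is_hijack_pref(source, key, value):
    """Heuristic: flag search redirection and every third-party user.js pref.

    Firefox never writes user.js itself; toolbar installers of this era did,
    so any user.js line is suspect. keyword.URL and the selected engine are
    flagged when they point outside the trusted lists above.
    """
    if source == "user.js":
        return True
    if key == "keyword.URL":
        # DDS defangs URLs as hxxp; restore the scheme so urlparse sees a host.
        host = urlparse(value.replace("hxxp", "http", 1)).hostname or ""
        return not any(t in host for t in TRUSTED_SEARCH_HOSTS)
    if key == "browser.search.selectedEngine":
        return value not in TRUSTED_ENGINES
    return False


def draft_cfscript(text):
    """Build the CFScript text in the form used in this thread.

    Flagged FF - lines are reproduced in the log's own format, preceded by
    the profile path, under the Firefox:: directive.
    """
    profile, prefs = parse_firefox(text)
    flagged = [p for p in prefs if is_hijack_pref(*p)]
    lines = ["KillAll::", "ClearJavaCache::", "Firefox::"]
    if flagged and profile:
        lines.append("FF - ProfilePath - " + profile)
    for source, key, value in flagged:
        lines.append(f"FF - {source}: {key} - {value}".rstrip())
    return "\n".join(lines)


if __name__ == "__main__":
    for name, path, verified in parse_services(SAMPLE_LOG):
        print(f"{'ok ' if verified else '[x]'} {name:12} {path}")
    print(draft_cfscript(SAMPLE_LOG))
```

Run it with python3 and compare the draft with the script in the post: the heuristic also emits the Ask.com selectedEngine line, which the helper chose to leave alone, so widen TRUSTED_ENGINES if that engine is the user's own choice. Review the draft by hand before feeding it to ComboFix; the point of the script is to make the log's hijack indicators visible, not to remove the human from the loop.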


#14 KiwiStu (Topic Starter)

Posted 11 May 2012 - 04:41 PM

Hi ST,

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
Windows update has popped up saying there are a number of security updates available, should I install these? Other than that no other questions at this stage thanks, happy to follow direction.

2. ComboFix.txt log.

ComboFix 12-05-11.03 - Sarah and Stu 12/05/2012 7:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.1950 [GMT 12:00]
Running from: c:\users\Sarah and Stu\Desktop\ComboFix.exe
Command switches used :: c:\users\Sarah and Stu\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah and Stu\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\SARAHA~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 19:36 . 2012-05-11 19:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E3C2E78-CBDE-4D83-84DC-1C7ABFC49E2C}\offreg.dll
2012-05-11 19:35 . 2012-05-11 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 19:35 . 2012-05-11 19:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-11 04:08 . 2012-05-11 04:09 -------- d-----w- C:\FRST
2012-05-10 08:24 . 2012-04-12 13:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E3C2E78-CBDE-4D83-84DC-1C7ABFC49E2C}\mpengine.dll
2012-05-09 19:31 . 2012-05-09 19:31 -------- d-----we c:\windows\system64
2012-05-09 10:28 . 2012-05-09 10:28 -------- d-----w- C:\_OTL
2012-05-08 08:25 . 2012-05-10 08:03 -------- d-----w- c:\users\Sarah and Stu\AppData\Roaming\GlarySoft
2012-05-08 08:21 . 2012-05-10 06:13 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-05-07 10:59 . 2012-05-10 08:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 08:30 . 2012-05-07 08:30 -------- d-----w- c:\program files (x86)\ESET
2012-05-03 10:44 . 2012-05-11 06:38 -------- d-----w- c:\users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 09:44 . 2012-02-09 01:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6868C60A-86D9-4BF9-9073-D2EFB889F5C4}\gapaengine.dll
2012-05-03 08:17 . 2012-05-03 08:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-03 08:16 . 2012-05-03 08:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-25 10:10 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-04-25 10:10 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-04-16 11:02 . 2012-05-10 23:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 08:14 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 08:08 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:08 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:08 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 08:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 23:21 . 2011-05-22 07:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-10 23:02 . 2012-04-04 06:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 23:02 . 2011-05-26 08:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 15:20 . 2011-07-10 20:34 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-13 11:07 . 2011-01-27 03:44 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-04-13 11:07 . 2011-01-27 03:44 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-13 11:07 . 2011-01-27 03:44 7473664 ----a-w- c:\windows\system32\igdumd64.dll
2012-04-13 11:07 . 2011-01-27 03:44 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-04-13 11:07 . 2011-01-27 03:44 385024 ----a-w- c:\windows\system32\igfxdev.dll
2012-04-13 11:07 . 2011-01-27 03:44 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-04-13 11:07 . 2011-01-27 03:44 5692416 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-04-13 11:07 . 2011-01-27 03:44 7386624 ----a-w- c:\windows\system32\igd10umd64.dll
2012-04-13 11:07 . 2011-01-27 03:44 6068736 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-04-13 11:07 . 2011-01-27 03:44 109056 ----a-w- c:\windows\system32\hccutils.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 08:44 . 2012-03-20 08:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 08:44 . 2012-03-20 08:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-08 06:50 . 2012-03-08 06:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-17 06:38 . 2012-03-14 04:19 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:19 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:19 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2006-05-18 04:58 . 2012-01-22 06:35 385024 ----a-w- c:\program files\projectGSC.exe
2004-08-16 05:12 . 2012-01-22 06:35 397312 ----a-w- c:\program files\projectGSCresUS.dll
2004-08-16 05:11 . 2012-01-22 06:35 393216 ----a-w- c:\program files\projectGSCresJP.dll
2001-06-06 04:23 . 2012-01-22 06:35 4094 ----a-w- c:\program files\USER_W.BIN
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-11_07.45.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-11 19:38 34018 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 05:24 . 2012-05-11 19:38 20762 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1081352181-3879122560-2544038368-1001_UserData.bin
+ 2011-02-23 16:18 . 2012-05-11 08:00 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-23 16:18 . 2012-05-11 07:36 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-23 16:18 . 2012-05-11 07:36 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-23 16:18 . 2012-05-11 08:00 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-11 07:36 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-11 08:00 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-11 08:02 34002 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 05:24 . 2012-05-11 08:02 20500 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1081352181-3879122560-2544038368-1001_UserData.bin
- 2011-02-23 16:18 . 2012-05-11 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 16:18 . 2012-05-11 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 16:18 . 2012-05-11 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-23 16:18 . 2012-05-11 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-11 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-11 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-11 07:36 . 2012-05-11 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-11 19:36 . 2012-05-11 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-11 19:36 . 2012-05-11 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-11 07:36 . 2012-05-11 07:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-22 06:22 . 2012-05-11 14:45 296020 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-05-22 06:22 . 2012-05-11 14:45 296020 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-05-11 19:35 407276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-11 07:35 407276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-22 20:23 . 2012-05-11 19:35 11183660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1081352181-3879122560-2544038368-1001-8192.dat
+ 2012-05-11 19:22 . 2012-05-11 19:22 10780672 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-01-18 1028688]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-19 1836328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-11 268640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-01-18 313424]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-11 40832]
S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-03-17 2025336]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 119296]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:02]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 08:07]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 08:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Launchpad"="c:\program files (x86)\Windows Server\Bin\Launchpad.exe" [BU]
"ALU"="c:\program files\Acer\Acer Updater\ALU.exe" [2010-02-09 2280992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-13 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-13 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-13 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vmnetuserif
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-KMCZ-4CQJ-KH7D-M4SF-ENZ8-MPZFKVW"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\Acer.scr
.
**************************************************************************
.
Completion time: 2012-05-12 07:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 19:51
ComboFix2.txt 2012-05-11 07:58
.
Pre-Run: 240,619,704,320 bytes free
Post-Run: 240,325,828,608 bytes free
.
- - End Of File - - 1C26CD0C747C925754D4F04C51F4257A

3. MalwareBytes' Anti-Malware log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah and Stu :: ACERLAPTOP [administrator]

Protection: Enabled

12/05/2012 7:58:34 a.m.
mbam-log-2012-05-12 (07-58-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211931
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

4. ESET Online Virus Scanner log.

C:\FRST\Quarantine\AnyDVD+7.0.3.0+HD+Key+++crack+++keygen.zip a variant of Win32/Kryptik.AEGB trojan deleted - quarantined
C:\FRST\Quarantine\AnyDVD_HD_v6.8.9.0_Multilingual_WinALL_Cracked_full_version.zip Win32/Sirefef.DB trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Sarah and Stu\AppData\Local\KMService.exe.vir a variant of Win32/HackKMS.A application cleaned by deleting - quarantined

5. Security Check log.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.3)
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

6. An update on how your computer is currently running.
I'm not sure but it does seem to be a bit quicker and more responsive. I haven't seen any more notifications from MSE so the threat may have been dealt with.

Thanks!
Stu
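An added Python example (not from this thread, ComboFix, or any of the tools used here) that parses lines in the format of the ComboFix service/driver list posted above into records and flags auto-start entries whose file details ComboFix printed as [x]. The log does not define [x]; treating it as "file date and size could not be read" is an assumption of this example, and the sample lines are constructed from the format shown.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the ComboFix service/driver section
# (a handful of lines, not the full log from the thread).
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
Contents of the 'Scheduled Tasks' folder
"""

# R = running, S = stopped; the digit is the Windows service start value.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]      # None when ComboFix printed [x]
    size: Optional[int]
    verified: bool           # assumption: [x] means details could not be read


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info")
    if info == "x":
        date, size = None, None
    else:
        date, size_text = info.split()
        size = int(size_text)
    return ServiceEntry(m.group("state") == "R", int(m.group("start")),
                        m.group("name"), m.group("display"), m.group("path"),
                        date, size, info != "x")


def parse_section(text: str) -> List[ServiceEntry]:
    """Collect every service/driver record in a block of log text."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def unverified_auto_start(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries that start at boot/system/auto but whose file was not verified.
    These are the ones a responder checks first, since a missing or
    unreadable binary on an auto-start service is worth explaining."""
    return [e for e in entries if not e.verified and e.start_type <= 2]
```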

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:07 AM

Posted 12 May 2012 - 08:27 AM

Hi Stu!

Windows update has popped up saying there are a number of security updates available, should I install these? Other than that no other questions at this stage thanks, happy to follow direction.

Yes, go ahead and allow them to install.

This computer got infected by these 2 files being downloaded:

C:\FRST\Quarantine\AnyDVD+7.0.3.0+HD+Key+++crack+++keygen.zip a variant of Win32/Kryptik.AEGB trojan deleted - quarantined
C:\FRST\Quarantine\AnyDVD_HD_v6.8.9.0_Multilingual_WinALL_Cracked_full_version.zip Win32/Sirefef.DB trojan deleted - quarantined


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Update Firefox
You're currently using an outdated version of Firefox. The latest version of Firefox is 12.

You can get the latest version of Firefox by accessing the Firefox menu in Firefox and then selecting About.

Please make sure that you check for updates again by selecting the About menu after updating to the latest version to make sure that you have in fact received the latest version.


NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




