Malwarebytes keeps detecting the same registry Trojan.Agent 31375 that points to TEMP folder


  • This topic is locked
25 replies to this topic

#1 njames83

njames83

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 01 July 2012 - 10:09 AM

Every time I scan with Malwarebytes I keep getting the same infection stated below. I ran ComboFix, TDSSKiller, OTL, aswMBR, Avira and these things keep popping up. Avira also kept finding Atraps.Gen2, but I believed I got rid of that one.


Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|31375 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com -> Delete on reboot.


Update: Avira was running again and it found ATRAPS.Gen and Crypt.xpack.gen. HELP!!!!!

Edited by njames83, 01 July 2012 - 11:14 AM.
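A small triage script, added here as an illustration (it is not from the thread, nor from Malwarebytes or DDS), that parses the Malwarebytes detection line quoted above and the equivalent `mExplorerRun:` autorun line that a DDS Pseudo HJT report prints, and scores the traits that make this entry stand out: it autostarts from the seldom-used `Policies\Explorer\Run` key, the value name is a bare number, and the image is a `.com` file sitting in a Temp folder behind an 8.3 short path. The sample lines are constructed in those two formats, and the weights and threshold are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the two formats this thread contains: the
# Malwarebytes registry-value detection from the first post and the
# "Pseudo HJT Report" autorun lines a DDS log prints. The third line is a
# benign DDS entry of the same kind, included for contrast.
SAMPLE_LINES = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|31375"
    r" (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com -> Delete on reboot.",
    r"mExplorerRun: [31375] C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com",
    r'mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
]

# Malwarebytes "Registry Values Detected" line:
#   <key>|<value name> (<detection>) -> Data: <data> -> <action>
MBAM_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>\S+) \([^)]*\) -> Data: (?P<data>.+?) -> "
)
# DDS autorun line: <uRun|mRun|mRunOnce|mExplorerRun[-x64]>: [<value name>] <command>
DDS_RE = re.compile(
    r"^(?P<key>[um](?:Run|RunOnce|ExplorerRun)(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<data>.+)$"
)
# First drive-letter path ending in an executable-type extension, quoted or not, so an
# unquoted path with spaces (e.g. ...\Trojan Remover\Trjscan.exe /boot) is kept whole.
IMAGE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|com|scr|pif|bat|cmd|vbs|js|dll))"?(?:\s|$)',
    re.IGNORECASE,
)

# Assumed weights: anything scoring at or above the threshold deserves a closer look.
SUSPICIOUS_THRESHOLD = 4


@dataclass
class Finding:
    source: str                 # "malwarebytes" or "dds"
    location: str               # registry key (Malwarebytes) or DDS prefix
    name: str                   # autorun value name
    image: str                  # executable path pulled out of the command
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def image_path(command: str) -> str:
    """Return the executable path from an autorun command, or the raw command if none is found."""
    m = IMAGE_RE.match(command.strip())
    return m["path"] if m else command.strip()


def parse_autorun(line: str) -> Optional[Finding]:
    """Parse one Malwarebytes or DDS autorun line; returns None for anything else."""
    m = MBAM_RE.match(line)
    if m:
        return Finding("malwarebytes", m["key"], m["name"], image_path(m["data"]))
    m = DDS_RE.match(line)
    if m:
        return Finding("dds", m["key"], m["name"], image_path(m["data"]))
    return None


def assess(f: Finding) -> Finding:
    """Score the traits that make the entry in this thread stand out from ordinary autoruns."""
    checks = [
        (3, re.search(r"\\temp\\", f.image, re.I),
         "image lives in a Temp directory"),
        (2, re.search(r"policies\\explorer\\run$|^[um]ExplorerRun", f.location, re.I),
         "Policies\\Explorer\\Run autostart, seldom used by legitimate software"),
        (2, f.name.isdigit(),
         "value name is a bare number"),
        (2, f.image.lower().endswith((".com", ".scr", ".pif", ".bat", ".cmd")),
         "non-.exe executable extension"),
        (1, re.search(r"~\d", f.image),
         "8.3 short path hides the real directory names"),
    ]
    for weight, hit, reason in checks:
        if hit:
            f.score += weight
            f.reasons.append(reason)
    return f


def triage(lines: List[str]) -> List[Finding]:
    """Parse and score every recognisable autorun line, skipping the rest."""
    findings = []
    for line in lines:
        f = parse_autorun(line)
        if f is not None:
            findings.append(assess(f))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        verdict = "SUSPICIOUS" if f.score >= SUSPICIOUS_THRESHOLD else "ok"
        print(f"{verdict:10} {f.location} [{f.name}] -> {f.image} (score {f.score})")
        for reason in f.reasons:
            print("            -", reason)
```

The same scoring can be run over the whole `Pseudo HJT Report` section of a DDS log to rank its `uRun`/`mRun`/`mExplorerRun` lines before reading them one by one.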




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 AM

Posted 01 July 2012 - 11:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 njames83

njames83
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 02 July 2012 - 08:58 AM

DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by nick at 9:48:27 on 2012-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4196 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mExplorerRun: [31375] C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB3FDED3-D259-428E-B5AC-B7FC31D1C8BB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO-X64: AOL Messaging Toolbar Loader - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-9-29 175072]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-30 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-30 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-6-30 575448]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-16 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-9-29 17920]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-15 673088]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-6 250056]
S3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-6-30 402336]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-6-30 1118648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-02 08:16:47 -------- d-----w- C:\Users\nick\AppData\Local\{040113F9-1029-4C51-8555-1236B9891BAF}
2012-07-02 08:16:37 -------- d-----w- C:\Users\nick\AppData\Local\{0B07B1F8-9754-4E67-9B33-8ECA2909CC66}
2012-07-01 19:42:40 -------- d-----w- C:\Users\nick\AppData\Local\{E2368FD3-66C2-4DF9-A835-374B15A1DD87}
2012-07-01 19:42:27 -------- d-----w- C:\Users\nick\AppData\Local\{73C2D7D9-AA93-4CC5-B823-71E5DA107A98}
2012-07-01 19:42:09 -------- d-----w- C:\Users\nick\AppData\Local\{7624019E-9150-45EA-BD78-B538F2705508}
2012-07-01 19:41:55 -------- d-----w- C:\Users\nick\AppData\Local\{0D1DF72C-2E57-44EE-B7A5-5611E2BD52BD}
2012-07-01 14:49:05 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-01 14:27:06 -------- d-----w- C:\Users\nick\AppData\Roaming\Curiolab
2012-07-01 12:52:55 -------- d-----w- C:\_OTL
2012-07-01 12:46:43 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2012-07-01 01:13:37 -------- d-----w- C:\Users\nick\AppData\Roaming\Avira
2012-07-01 01:11:40 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-07-01 01:11:39 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-01 01:11:36 -------- d-----w- C:\ProgramData\Avira
2012-07-01 01:11:36 -------- d-----w- C:\Program Files (x86)\Avira
2012-07-01 00:36:39 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-07-01 00:36:38 767960 ----a-w- C:\Windows\BDTSupport.dll
2012-07-01 00:36:34 149464 ----a-w- C:\Windows\SGDetectionTool.dll
2012-07-01 00:36:33 2267096 ----a-w- C:\Windows\PCTBDCore.dll
2012-07-01 00:36:33 1681368 ----a-w- C:\Windows\PCTBDRes.dll
2012-07-01 00:36:06 341168 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-07-01 00:36:06 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-07-01 00:36:03 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-07-01 00:35:55 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-07-01 00:35:43 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-01 00:33:32 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-07-01 00:33:32 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-07-01 00:33:30 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-07-01 00:33:28 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-01 00:33:28 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-01 00:33:15 -------- d-----w- C:\ProgramData\PC Tools
2012-07-01 00:33:13 -------- d-----w- C:\Users\nick\AppData\Roaming\TestApp
2012-06-30 23:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-30 22:58:39 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-06-30 22:48:11 290142936 ----a-w- C:\regbackup.reg
2012-06-30 22:35:36 -------- d-----w- C:\Users\nick\AppData\Roaming\Simply Super Software
2012-06-30 22:35:33 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2012-06-30 22:35:33 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2012-06-30 22:35:32 -------- d-----w- C:\ProgramData\Simply Super Software
2012-06-30 22:35:32 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-06-30 20:10:20 -------- d-----w- C:\Users\nick\AppData\Roaming\Ufywuw
2012-06-30 20:10:20 -------- d-----w- C:\Users\nick\AppData\Roaming\Rabuy
2012-06-30 17:21:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-30 17:10:20 -------- d-----w- C:\Users\nick\php
2012-06-29 21:48:53 98816 ----a-w- C:\Windows\sed.exe
2012-06-29 21:48:53 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-29 21:48:53 256000 ----a-w- C:\Windows\PEV.exe
2012-06-29 21:48:53 208896 ----a-w- C:\Windows\MBR.exe
2012-06-29 08:42:11 -------- d-----w- C:\Users\nick\AppData\Local\{00B7865E-3926-413A-9959-5097FC8678EE}
2012-06-29 08:42:01 -------- d-----w- C:\Users\nick\AppData\Local\{3E25CAF4-1348-4049-A5FC-0912E12EBE7E}
2012-06-29 08:21:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\offreg.dll
2012-06-29 06:06:20 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\mpengine.dll
2012-06-28 20:41:36 -------- d-----w- C:\Users\nick\AppData\Local\{8379ACF7-FE2D-4475-9872-0964CAD09BCA}
2012-06-28 08:41:11 -------- d-----w- C:\Users\nick\AppData\Local\{1351613F-09BB-4402-B6B4-811DA845B4E9}
2012-06-27 20:40:49 -------- d-----w- C:\Users\nick\AppData\Local\{9529000D-65A4-4F4E-951F-C05B51DFE045}
2012-06-27 08:40:25 -------- d-----w- C:\Users\nick\AppData\Local\{18AF6DF1-2594-4120-AD84-3C90F31C44FF}
2012-06-26 20:40:02 -------- d-----w- C:\Users\nick\AppData\Local\{252928CE-F5C4-489D-A44A-859A981A85B8}
2012-06-26 08:39:37 -------- d-----w- C:\Users\nick\AppData\Local\{6244D029-29D7-433C-B42E-D976AAC0EFC5}
2012-06-25 20:39:16 -------- d-----w- C:\Users\nick\AppData\Local\{E265BF37-C413-4B2D-B5FB-44FACD631B3C}
2012-06-25 08:38:52 -------- d-----w- C:\Users\nick\AppData\Local\{63319092-17A7-4A1D-88C0-2D4F09080F0B}
2012-06-24 20:38:29 -------- d-----w- C:\Users\nick\AppData\Local\{8D698E9A-669C-49EF-A0A7-5E86EFB6D336}
2012-06-24 17:23:03 -------- d-----w- C:\Users\nick\AppData\Local\Macromedia
2012-06-24 08:38:04 -------- d-----w- C:\Users\nick\AppData\Local\{7E974CA2-2545-407E-AFB3-C5606C29556D}
2012-06-23 20:37:41 -------- d-----w- C:\Users\nick\AppData\Local\{755E69C4-B1E7-4231-BA8D-D0EEFF79D371}
2012-06-23 08:37:17 -------- d-----w- C:\Users\nick\AppData\Local\{DA0DD8DF-A056-455E-8300-55142E6333FA}
2012-06-22 20:36:53 -------- d-----w- C:\Users\nick\AppData\Local\{C07023A8-C579-439D-AC0E-88AFA600E1AC}
2012-06-22 10:29:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 10:29:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 10:29:06 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 10:29:06 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 08:36:29 -------- d-----w- C:\Users\nick\AppData\Local\{D42A03FE-7608-4590-BE4C-ECDE22503198}
2012-06-21 20:36:06 -------- d-----w- C:\Users\nick\AppData\Local\{6788213E-C08D-4BA6-8D71-D955CD0D795A}
2012-06-21 08:35:41 -------- d-----w- C:\Users\nick\AppData\Local\{A3C7D3D9-E411-4B36-B7A2-2D0629E19B2C}
2012-06-21 08:35:31 -------- d-----w- C:\Users\nick\AppData\Local\{27B9DD60-579A-43E1-9EC4-BA61BFB6A17C}
2012-06-20 21:26:46 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 21:26:46 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-20 20:34:47 -------- d-----w- C:\Users\nick\AppData\Local\{BCF7DFC4-0E22-4705-8325-75FA7F3ED60E}
2012-06-20 20:34:37 -------- d-----w- C:\Users\nick\AppData\Local\{4975C16C-EB7A-4414-9C65-3FB00F3891B1}
2012-06-20 20:34:23 -------- d-----w- C:\Users\nick\AppData\Roaming\Windows Live Writer
2012-06-20 20:34:23 -------- d-----w- C:\Users\nick\AppData\Local\Windows Live Writer
2012-06-20 15:42:25 -------- d-----w- C:\Users\nick\AppData\Local\{09B42634-A4FD-43C1-BD2E-FED6D6081497}
2012-06-20 15:36:56 -------- d-----w- C:\Windows\en
2012-06-20 15:28:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DSETUP.dll
2012-06-20 15:28:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DXSETUP.exe
2012-06-20 15:28:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\dsetup32.dll
2012-06-13 07:00:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-12 22:05:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:05:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 22:05:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-08 23:56:07 -------- d-----w- C:\Users\nick\AppData\Local\Ilivid Player
2012-06-03 16:09:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
.
==================== Find3M ====================
.
2012-07-01 13:28:23 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-23 13:27:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:27:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 9:48:52.35 ===============


Security Check Log


screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
SEO SpyGlass
PC Tools Spyware Doctor 9.0
Trojan Remover 6.8.4
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
McAfee VirusScan Enterprise x64 EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise x64 McShield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
McAfee VirusScan Enterprise shstat.exe
nick Desktop antimalware stuff SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 AM

Posted 02 July 2012 - 12:01 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 njames83

njames83
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 02 July 2012 - 12:20 PM

Combofix LOG



ComboFix 12-06-28.03 - nick 07/02/2012 13:11:58.4.6 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4792 [GMT -4:00]
Running from: c:\users\nick\Desktop\antimalware stuff\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NNJhPqqbpXaPTCO.exe
c:\users\nick\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 17:16 . 2012-07-02 17:16 -------- d-----w- c:\users\njames\AppData\Local\temp
2012-07-02 17:16 . 2012-07-02 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 14:27 . 2012-07-01 14:27 -------- d-----w- c:\users\nick\AppData\Roaming\Curiolab
2012-07-01 12:52 . 2012-07-01 12:52 -------- d-----w- C:\_OTL
2012-07-01 12:46 . 2012-07-01 14:31 -------- d-----w- c:\program files (x86)\Exterminate It!
2012-07-01 01:13 . 2012-07-01 01:13 -------- d-----w- c:\users\nick\AppData\Roaming\Avira
2012-07-01 01:11 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-01 01:11 . 2012-07-02 01:14 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-01 01:11 . 2012-07-02 01:14 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-01 01:11 . 2012-07-01 01:11 -------- d-----w- c:\programdata\Avira
2012-07-01 01:11 . 2012-07-01 01:11 -------- d-----w- c:\program files (x86)\Avira
2012-07-01 00:36 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-01 00:36 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-01 00:36 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-01 00:33 . 2012-07-01 00:33 -------- d-----w- c:\users\nick\AppData\Roaming\TestApp
2012-06-30 23:24 . 2012-06-30 23:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-30 22:58 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-30 22:48 . 2012-06-30 22:48 290142936 ----a-w- C:\regbackup.reg
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\users\nick\AppData\Roaming\Simply Super Software
2012-06-30 22:35 . 2003-02-03 00:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-06-30 22:35 . 2002-03-06 05:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\programdata\Simply Super Software
2012-06-30 20:10 . 2012-07-01 12:50 -------- d-----w- c:\users\nick\AppData\Roaming\Ufywuw
2012-06-30 20:10 . 2012-06-30 20:10 -------- d-----w- c:\users\nick\AppData\Roaming\Rabuy
2012-06-30 20:10 . 2012-06-30 20:10 -------- d-----w- c:\programdata\Local Settings
2012-06-30 17:21 . 2012-06-30 17:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-30 17:10 . 2012-06-30 17:10 -------- d-----w- c:\users\nick\php
2012-06-29 08:21 . 2012-06-29 08:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\offreg.dll
2012-06-29 06:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\mpengine.dll
2012-06-24 17:23 . 2012-06-24 17:23 -------- d-----w- c:\users\nick\AppData\Local\Macromedia
2012-06-22 10:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:26 . 2012-06-20 21:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 21:26 . 2012-06-20 21:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-20 20:34 . 2012-06-26 22:46 -------- d-----w- c:\users\nick\AppData\Roaming\Windows Live Writer
2012-06-20 20:34 . 2012-06-20 20:34 -------- d-----w- c:\users\nick\AppData\Local\Windows Live Writer
2012-06-20 15:36 . 2012-06-20 15:36 -------- d-----w- c:\windows\en
2012-06-20 15:32 . 2012-06-20 15:32 -------- d-----w- c:\program files\Windows Live
2012-06-20 15:28 . 2012-06-20 15:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DSETUP.dll
2012-06-20 15:28 . 2012-06-20 15:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DXSETUP.exe
2012-06-20 15:28 . 2012-06-20 15:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\dsetup32.dll
2012-06-13 07:00 . 2012-05-18 01:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-12 22:05 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:05 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-08 23:56 . 2012-06-08 23:56 -------- d-----w- c:\users\nick\AppData\Local\Ilivid Player
2012-06-03 16:10 . 2012-06-03 16:10 -------- d-----w- c:\users\nick\AppData\Roaming\Yahoo!
2012-06-03 16:10 . 2012-06-03 16:10 -------- d-----w- c:\programdata\Yahoo! Companion
2012-06-03 16:09 . 2012-06-03 16:10 -------- d-----w- c:\programdata\Yahoo!
2012-06-03 16:09 . 2012-06-03 16:10 -------- d-----w- c:\program files (x86)\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 13:28 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-23 13:27 . 2012-05-06 15:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:27 . 2012-05-06 15:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 15:31 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-14 15:03 . 2012-07-01 00:36 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-01 00:36 131 ----a-w- c:\windows\IDB.zip
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-01_13.48.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-20 03:03 . 2011-02-20 03:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 81744 c:\windows\SysWOW64\mfcm100u.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\SysWOW64\mfcm100u.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\SysWOW64\mfcm100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 62288 c:\windows\SysWOW64\mfc100ita.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 63824 c:\windows\SysWOW64\mfc100esn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2010-09-16 04:00 . 2012-07-01 14:50 45124 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-01 14:50 29216 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-22 19:09 . 2012-07-01 13:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 19:09 . 2012-07-01 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-30 22:01 . 2012-07-01 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-30 22:01 . 2012-07-01 13:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 13:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-01 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-02 07:20 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-09-23 11:44 . 2012-07-01 14:50 7682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223829802-1462874175-969288105-1001_UserData.bin
- 2012-07-01 13:47 . 2012-07-01 13:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-02 15:33 . 2012-07-02 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-02 15:33 . 2012-07-02 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-01 13:47 . 2012-07-01 13:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-19 04:40 . 2011-02-19 04:40 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 773968 c:\windows\SysWOW64\msvcr100.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2009-07-14 04:54 . 2012-07-02 07:17 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-01 13:21 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-20 03:03 . 2011-02-20 03:03 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 138056 c:\windows\SysWOW64\atl100.dll
+ 2009-07-14 05:01 . 2012-07-02 07:16 430260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-01 13:09 430260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-20 03:03 . 2011-02-20 03:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2012-06-30 22:13 . 2012-07-02 07:17 1490944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-30 22:13 . 2012-07-01 13:21 1490944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 07:17 1769472 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 13:21 1769472 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-06-23 07:23 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-02 07:20 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-01 02:18 . 2012-07-02 07:16 4259424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-223829802-1462874175-969288105-1001-12288.dat
+ 2011-06-29 01:27 . 2011-06-29 01:27 4028928 c:\windows\Installer\37a8657.msp
+ 2011-11-10 08:17 . 2012-07-02 07:16 12300924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-223829802-1462874175-969288105-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 16:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 16:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-23 39408]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-30 1240848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-05-21 18240]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"31375"="c:\progra~3\LOCALS~1\Temp\msiszuuu.com" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-02 86224]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 75656]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-25 116752]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 75800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-12-08 14944]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06587820
*Deregistered* - 06587820
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 13:27]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 01:18]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 01:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NNJhPqqbpXaPTCO.exe - c:\programdata\NNJhPqqbpXaPTCO.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-02 13:17:58
ComboFix-quarantined-files.txt 2012-07-02 17:17
ComboFix2.txt 2012-07-01 14:03
ComboFix3.txt 2012-07-01 13:52
ComboFix4.txt 2012-06-30 13:31
.
Pre-Run: 830,035,795,968 bytes free
Post-Run: 829,958,414,336 bytes free
.
- - End Of File - - CAED0BA1C8F0D942677764A2CC2CF287

#6 gringo_pr (Malware Response Team)
Posted 02 July 2012 - 09:36 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
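
A small parser for the kind of TDSSKiller report requested above, added here as an example and not code from this thread or from Kaspersky. It reads the "Scan started" section of a pasted report, pairs each entry's MD5/path line with its "<name> - <verdict>" line, and lists every entry whose verdict is anything other than "ok" together with any entry whose verdict line never arrives (which is what a paste cut off mid-scan looks like). The sample report is constructed from the line shapes in the report pasted in the next post; the "exampledrv" entry, its hash and its "suspicious" verdict are invented placeholders, since the page shows no TDSSKiller verdict wording other than "ok" and the code treats any non-"ok" verdict generically.

```python
import re

# Line prefix "HH:MM:SS.ffff <thread-id> " as printed by TDSSKiller 2.7.x reports.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# Entry line: "<name> (<md5>) <image path>". Names may contain spaces
# ("AMD External Events Utility"), so match non-greedily up to the hash.
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>", normally "<name> - ok".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")
SCAN_START_RE = re.compile(_PREFIX + r"Scan started$")


def parse_report(text):
    """Split a pasted TDSSKiller report into entries and verdicts.

    Only lines after "Scan started" are considered: the system/drive header
    before it also uses " - " (e.g. "Drive ... - Size: ...") and would
    otherwise be misread as a verdict.
    """
    entries, verdicts = {}, {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if not in_scan:
            in_scan = bool(SCAN_START_RE.match(line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = {"md5": m["md5"].lower(), "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"].strip()
    return entries, verdicts


def triage(text):
    """Summarise a report: number of verdicts given, entries not plainly "ok"
    (with hash and path when their entry line was present), and entries that
    never received a verdict (truncated paste or interrupted scan)."""
    entries, verdicts = parse_report(text)
    flagged = [
        {"name": n, "verdict": v,
         "md5": entries.get(n, {}).get("md5"),
         "path": entries.get(n, {}).get("path")}
        for n, v in verdicts.items() if v.lower() != "ok"
    ]
    no_verdict = [n for n in entries if n not in verdicts]
    return {"checked": len(verdicts), "flagged": flagged, "no_verdict": no_verdict}


# Constructed sample in the shape of a TDSSKiller report. The "exampledrv"
# entry, its hash and its "suspicious" verdict are invented placeholders;
# the HidBatt entry deliberately has no verdict line.
SAMPLE_REPORT = r"""
08:33:49.0464 0404 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
08:33:56.0952 2768 ============================================================
08:33:56.0952 2768 Scan started
08:33:56.0952 2768 Mode: Manual; SigCheck; TDLFS;
08:33:57.0591 2768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:33:57.0669 2768 1394ohci - ok
08:33:59.0744 2768 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:33:59.0760 2768 AntiVirSchedulerService - ok
08:34:02.0427 2768 catchme - ok
08:34:07.0000 2768 exampledrv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\exampledrv.sys
08:34:07.0010 2768 exampledrv - suspicious
08:34:06.0499 2768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['checked']} verdicts; flagged: {result['flagged']}; "
          f"no verdict: {result['no_verdict']}")
```

Paste a full report into `triage()` and the two lists that come back are the only lines a helper actually needs to read; a non-empty `no_verdict` list on a report that claims to be complete is itself worth asking about, because it means the scan or the paste stopped before that driver was checked.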

#7 njames83 (Topic Starter)

Posted 03 July 2012 - 08:00 AM

TDSSKILLER LOG


08:33:48.0231 0404 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
08:33:48.0512 0404 ============================================================
08:33:48.0512 0404 Current date / time: 2012/07/03 08:33:48.0512
08:33:48.0512 0404 SystemInfo:
08:33:48.0512 0404
08:33:48.0512 0404 OS Version: 6.1.7601 ServicePack: 1.0
08:33:48.0512 0404 Product type: Workstation
08:33:48.0512 0404 ComputerName: NICK-PC
08:33:48.0512 0404 UserName: nick
08:33:48.0512 0404 Windows directory: C:\Windows
08:33:48.0512 0404 System windows directory: C:\Windows
08:33:48.0512 0404 Running under WOW64
08:33:48.0512 0404 Processor architecture: Intel x64
08:33:48.0512 0404 Number of processors: 6
08:33:48.0512 0404 Page size: 0x1000
08:33:48.0512 0404 Boot type: Safe boot with network
08:33:48.0512 0404 ============================================================
08:33:49.0464 0404 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:33:49.0479 0404 Drive \Device\Harddisk5\DR5 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:33:49.0479 0404 ============================================================
08:33:49.0479 0404 \Device\Harddisk0\DR0:
08:33:49.0479 0404 MBR partitions:
08:33:49.0479 0404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x152D000
08:33:49.0479 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1541000, BlocksNum 0x731C0DB0
08:33:49.0479 0404 \Device\Harddisk5\DR5:
08:33:49.0495 0404 MBR partitions:
08:33:49.0495 0404 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D2E0
08:33:49.0495 0404 ============================================================
08:33:49.0526 0404 C: <-> \Device\Harddisk0\DR0\Partition1
08:33:49.0526 0404 ============================================================
08:33:49.0526 0404 Initialize success
08:33:49.0526 0404 ============================================================
08:33:56.0952 2768 ============================================================
08:33:56.0952 2768 Scan started
08:33:56.0952 2768 Mode: Manual; SigCheck; TDLFS;
08:33:56.0952 2768 ============================================================
08:33:57.0591 2768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:33:57.0669 2768 1394ohci - ok
08:33:57.0716 2768 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:33:57.0732 2768 ACPI - ok
08:33:57.0747 2768 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:33:57.0810 2768 AcpiPmi - ok
08:33:57.0919 2768 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:33:57.0919 2768 AdobeFlashPlayerUpdateSvc - ok
08:33:57.0981 2768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:33:57.0997 2768 adp94xx - ok
08:33:58.0044 2768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:33:58.0044 2768 adpahci - ok
08:33:58.0075 2768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:33:58.0075 2768 adpu320 - ok
08:33:58.0106 2768 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:33:58.0215 2768 AeLookupSvc - ok
08:33:58.0293 2768 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:33:58.0356 2768 AFD - ok
08:33:58.0387 2768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:33:58.0387 2768 agp440 - ok
08:33:58.0434 2768 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\DRIVERS\ahcix64s.sys
08:33:58.0434 2768 ahcix64s - ok
08:33:58.0449 2768 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:33:58.0496 2768 ALG - ok
08:33:58.0527 2768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:33:58.0527 2768 aliide - ok
08:33:58.0590 2768 AMD External Events Utility (cf4d1ebe8fec994a0df69149ed27e417) C:\Windows\system32\atiesrxx.exe
08:33:58.0652 2768 AMD External Events Utility - ok
08:33:58.0668 2768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:33:58.0683 2768 amdide - ok
08:33:58.0699 2768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:33:58.0730 2768 AmdK8 - ok
08:33:59.0245 2768 amdkmdag (375ac85e1130eaa1eaeb62ddd22b0efb) C:\Windows\system32\DRIVERS\atikmdag.sys
08:33:59.0354 2768 amdkmdag - ok
08:33:59.0463 2768 amdkmdap (daeb3f2bb2095b95b98be6cec99d02e7) C:\Windows\system32\DRIVERS\atikmpag.sys
08:33:59.0479 2768 amdkmdap - ok
08:33:59.0526 2768 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
08:33:59.0541 2768 AmdLLD64 - ok
08:33:59.0557 2768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:33:59.0573 2768 AmdPPM - ok
08:33:59.0604 2768 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
08:33:59.0604 2768 amdsata - ok
08:33:59.0619 2768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:33:59.0635 2768 amdsbs - ok
08:33:59.0651 2768 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
08:33:59.0651 2768 amdxata - ok
08:33:59.0744 2768 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:33:59.0760 2768 AntiVirSchedulerService - ok
08:33:59.0791 2768 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:33:59.0791 2768 AntiVirService - ok
08:33:59.0822 2768 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:33:59.0947 2768 AppID - ok
08:33:59.0978 2768 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:34:00.0009 2768 AppIDSvc - ok
08:34:00.0041 2768 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:34:00.0072 2768 Appinfo - ok
08:34:00.0150 2768 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:34:00.0165 2768 Apple Mobile Device - ok
08:34:00.0197 2768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:34:00.0197 2768 arc - ok
08:34:00.0212 2768 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:34:00.0228 2768 arcsas - ok
08:34:00.0337 2768 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:34:00.0337 2768 aspnet_state - ok
08:34:00.0368 2768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:34:00.0399 2768 AsyncMac - ok
08:34:00.0431 2768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:34:00.0446 2768 atapi - ok
08:34:00.0477 2768 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
08:34:00.0493 2768 AtiHDAudioService - ok
08:34:00.0509 2768 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
08:34:00.0509 2768 AtiHdmiService - ok
08:34:00.0571 2768 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:34:00.0618 2768 AudioEndpointBuilder - ok
08:34:00.0618 2768 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:34:00.0649 2768 AudioSrv - ok
08:34:00.0680 2768 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
08:34:00.0696 2768 avgntflt - ok
08:34:00.0711 2768 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
08:34:00.0711 2768 avipbb - ok
08:34:00.0743 2768 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:34:00.0758 2768 avkmgr - ok
08:34:00.0805 2768 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:34:00.0852 2768 AxInstSV - ok
08:34:00.0899 2768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:34:00.0945 2768 b06bdrv - ok
08:34:00.0961 2768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:34:00.0977 2768 b57nd60a - ok
08:34:01.0086 2768 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:34:01.0101 2768 BBSvc - ok
08:34:01.0164 2768 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:34:01.0179 2768 BBUpdate - ok
08:34:01.0195 2768 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:34:01.0242 2768 BDESVC - ok
08:34:01.0289 2768 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:34:01.0320 2768 Beep - ok
08:34:01.0382 2768 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:34:01.0429 2768 BFE - ok
08:34:01.0491 2768 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:34:01.0554 2768 BITS - ok
08:34:01.0601 2768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:34:01.0616 2768 blbdrive - ok
08:34:01.0694 2768 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:34:01.0725 2768 Bonjour Service - ok
08:34:01.0757 2768 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:34:01.0788 2768 bowser - ok
08:34:01.0803 2768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:34:01.0866 2768 BrFiltLo - ok
08:34:01.0881 2768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:34:01.0881 2768 BrFiltUp - ok
08:34:01.0897 2768 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:34:01.0928 2768 BridgeMP - ok
08:34:01.0959 2768 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:34:01.0991 2768 Browser - ok
08:34:02.0115 2768 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
08:34:02.0147 2768 Browser Defender Update Service - ok
08:34:02.0162 2768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:34:02.0193 2768 Brserid - ok
08:34:02.0209 2768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:34:02.0225 2768 BrSerWdm - ok
08:34:02.0240 2768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:34:02.0256 2768 BrUsbMdm - ok
08:34:02.0271 2768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:34:02.0287 2768 BrUsbSer - ok
08:34:02.0303 2768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:34:02.0334 2768 BTHMODEM - ok
08:34:02.0365 2768 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:34:02.0412 2768 bthserv - ok
08:34:02.0427 2768 catchme - ok
08:34:02.0474 2768 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:34:02.0505 2768 cdfs - ok
08:34:02.0537 2768 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:34:02.0552 2768 cdrom - ok
08:34:02.0599 2768 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:34:02.0615 2768 CertPropSvc - ok
08:34:02.0630 2768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:34:02.0630 2768 circlass - ok
08:34:02.0661 2768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:34:02.0677 2768 CLFS - ok
08:34:02.0739 2768 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:34:02.0739 2768 clr_optimization_v2.0.50727_32 - ok
08:34:02.0771 2768 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:34:02.0771 2768 clr_optimization_v2.0.50727_64 - ok
08:34:02.0849 2768 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:34:02.0864 2768 clr_optimization_v4.0.30319_32 - ok
08:34:02.0895 2768 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:34:02.0895 2768 clr_optimization_v4.0.30319_64 - ok
08:34:02.0911 2768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:34:02.0942 2768 CmBatt - ok
08:34:02.0958 2768 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:34:02.0973 2768 cmdide - ok
08:34:03.0020 2768 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:34:03.0036 2768 CNG - ok
08:34:03.0051 2768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:34:03.0051 2768 Compbatt - ok
08:34:03.0083 2768 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:34:03.0098 2768 CompositeBus - ok
08:34:03.0098 2768 COMSysApp - ok
08:34:03.0114 2768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:34:03.0114 2768 crcdisk - ok
08:34:03.0176 2768 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:34:03.0207 2768 CryptSvc - ok
08:34:03.0254 2768 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:34:03.0285 2768 DcomLaunch - ok
08:34:03.0301 2768 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:34:03.0332 2768 defragsvc - ok
08:34:03.0363 2768 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:34:03.0410 2768 DfsC - ok
08:34:03.0473 2768 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:34:03.0504 2768 Dhcp - ok
08:34:03.0504 2768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:34:03.0691 2768 discache - ok
08:34:03.0722 2768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:34:03.0738 2768 Disk - ok
08:34:03.0785 2768 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:34:03.0847 2768 Dnscache - ok
08:34:03.0894 2768 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:34:03.0909 2768 dot3svc - ok
08:34:03.0956 2768 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:34:03.0987 2768 DPS - ok
08:34:04.0019 2768 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:34:04.0050 2768 drmkaud - ok
08:34:04.0175 2768 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:34:04.0237 2768 DXGKrnl - ok
08:34:04.0237 2768 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:34:04.0268 2768 EapHost - ok
08:34:04.0377 2768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:34:04.0455 2768 ebdrv - ok
08:34:04.0533 2768 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:34:04.0580 2768 EFS - ok
08:34:04.0658 2768 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:34:04.0721 2768 ehRecvr - ok
08:34:04.0752 2768 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:34:04.0767 2768 ehSched - ok
08:34:04.0799 2768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:34:04.0814 2768 elxstor - ok
08:34:04.0861 2768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:34:04.0877 2768 ErrDev - ok
08:34:04.0908 2768 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:34:04.0955 2768 EventSystem - ok
08:34:04.0986 2768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:34:05.0001 2768 exfat - ok
08:34:05.0033 2768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:34:05.0064 2768 fastfat - ok
08:34:05.0079 2768 FastUserSwitchingCompatibility - ok
08:34:05.0142 2768 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:34:05.0189 2768 Fax - ok
08:34:05.0204 2768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:34:05.0220 2768 fdc - ok
08:34:05.0220 2768 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:34:05.0251 2768 fdPHost - ok
08:34:05.0267 2768 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:34:05.0298 2768 FDResPub - ok
08:34:05.0329 2768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:34:05.0329 2768 FileInfo - ok
08:34:05.0345 2768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:34:05.0376 2768 Filetrace - ok
08:34:05.0485 2768 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:34:05.0501 2768 FLEXnet Licensing Service - ok
08:34:05.0516 2768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:34:05.0532 2768 flpydisk - ok
08:34:05.0563 2768 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:34:05.0579 2768 FltMgr - ok
08:34:05.0641 2768 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:34:05.0688 2768 FontCache - ok
08:34:05.0750 2768 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:34:05.0750 2768 FontCache3.0.0.0 - ok
08:34:05.0781 2768 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:34:05.0781 2768 FsDepends - ok
08:34:05.0813 2768 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:34:05.0828 2768 Fs_Rec - ok
08:34:05.0875 2768 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:34:05.0891 2768 fvevol - ok
08:34:05.0922 2768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:34:05.0937 2768 gagp30kx - ok
08:34:05.0969 2768 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:34:05.0969 2768 GEARAspiWDM - ok
08:34:06.0015 2768 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
08:34:06.0031 2768 GoToAssist - ok
08:34:06.0078 2768 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:34:06.0140 2768 gpsvc - ok
08:34:06.0265 2768 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:06.0265 2768 gupdate - ok
08:34:06.0296 2768 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:06.0296 2768 gupdatem - ok
08:34:06.0327 2768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:34:06.0343 2768 gusvc - ok
08:34:06.0359 2768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:34:06.0405 2768 hcw85cir - ok
08:34:06.0437 2768 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:34:06.0483 2768 HDAudBus - ok
08:34:06.0499 2768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:34:06.0499 2768 HidBatt - ok
08:34:06.0515 2768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:34:06.0530 2768 HidBth - ok
08:34:06.0546 2768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:34:06.0577 2768 HidIr - ok
08:34:06.0608 2768 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:34:06.0655 2768 hidserv - ok
08:34:06.0702 2768 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:34:06.0702 2768 HidUsb - ok
08:34:06.0733 2768 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:34:06.0780 2768 hkmsvc - ok
08:34:06.0827 2768 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:34:06.0842 2768 HomeGroupListener - ok
08:34:06.0873 2768 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:34:06.0905 2768 HomeGroupProvider - ok
08:34:06.0920 2768 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:34:06.0920 2768 HpSAMD - ok
08:34:06.0967 2768 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:34:07.0014 2768 HTTP - ok
08:34:07.0029 2768 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:34:07.0045 2768 hwpolicy - ok
08:34:07.0092 2768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:34:07.0092 2768 i8042prt - ok
08:34:07.0154 2768 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:34:07.0170 2768 iaStorV - ok
08:34:07.0248 2768 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:34:07.0279 2768 idsvc - ok
08:34:07.0295 2768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:34:07.0310 2768 iirsp - ok
08:34:07.0388 2768 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:34:07.0435 2768 IKEEXT - ok
08:34:07.0560 2768 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
08:34:07.0591 2768 IntcAzAudAddService - ok
08:34:07.0653 2768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:34:07.0669 2768 intelide - ok
08:34:07.0669 2768 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:34:07.0685 2768 intelppm - ok
08:34:07.0716 2768 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:34:07.0747 2768 IPBusEnum - ok
08:34:07.0778 2768 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:34:07.0825 2768 IpFilterDriver - ok
08:34:07.0887 2768 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:34:07.0950 2768 iphlpsvc - ok
08:34:07.0997 2768 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:34:08.0012 2768 IPMIDRV - ok
08:34:08.0028 2768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:34:08.0075 2768 IPNAT - ok
08:34:08.0184 2768 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:34:08.0246 2768 iPod Service - ok
08:34:08.0277 2768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:34:08.0324 2768 IRENUM - ok
08:34:08.0371 2768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:34:08.0371 2768 isapnp - ok
08:34:08.0418 2768 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:34:08.0433 2768 iScsiPrt - ok
08:34:08.0465 2768 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
08:34:08.0480 2768 k57nd60a - ok
08:34:08.0496 2768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:34:08.0496 2768 kbdclass - ok
08:34:08.0527 2768 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:34:08.0543 2768 kbdhid - ok
08:34:08.0574 2768 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:34:08.0574 2768 KeyIso - ok
08:34:08.0589 2768 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:34:08.0605 2768 KSecDD - ok
08:34:08.0636 2768 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:34:08.0652 2768 KSecPkg - ok
08:34:08.0652 2768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:34:08.0683 2768 ksthunk - ok
08:34:08.0730 2768 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:34:08.0761 2768 KtmRm - ok
08:34:08.0792 2768 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:34:08.0823 2768 LanmanServer - ok
08:34:08.0855 2768 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:34:08.0886 2768 LanmanWorkstation - ok
08:34:08.0933 2768 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:34:08.0979 2768 lltdio - ok
08:34:09.0011 2768 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:34:09.0057 2768 lltdsvc - ok
08:34:09.0073 2768 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:34:09.0089 2768 lmhosts - ok
08:34:09.0338 2768 LMIGuardianSvc (108c2e48b280a7cc38bad76165715647) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
08:34:09.0338 2768 LMIGuardianSvc - ok
08:34:09.0369 2768 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:34:09.0385 2768 LMIInfo - ok
08:34:09.0385 2768 LMIMaint (4fa9fb8819e8e6f012853d4bbc9592a7) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
08:34:09.0401 2768 LMIMaint - ok
08:34:09.0416 2768 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
08:34:09.0416 2768 lmimirr - ok
08:34:09.0447 2768 LMIRfsClientNP - ok
08:34:09.0463 2768 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
08:34:09.0463 2768 LMIRfsDriver - ok
08:34:09.0494 2768 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
08:34:09.0510 2768 LogMeIn - ok
08:34:09.0541 2768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:34:09.0557 2768 LSI_FC - ok
08:34:09.0572 2768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:34:09.0572 2768 LSI_SAS - ok
08:34:09.0588 2768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:34:09.0603 2768 LSI_SAS2 - ok
08:34:09.0619 2768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:34:09.0619 2768 LSI_SCSI - ok
08:34:09.0650 2768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:34:09.0681 2768 luafv - ok
08:34:09.0744 2768 McAfeeEngineService (4a6dd3c84aa2fdda86efaa527d8ab7b6) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
08:34:09.0759 2768 McAfeeEngineService - ok
08:34:09.0822 2768 McAfeeFramework (4cd3ee64736b4d156dac5c1d6eb60c24) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
08:34:09.0822 2768 McAfeeFramework - ok
08:34:09.0931 2768 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
08:34:09.0947 2768 McComponentHostService - ok
08:34:09.0978 2768 McShield (39244b1d160fec32ee4a7ea2635986c8) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
08:34:09.0978 2768 McShield - ok
08:34:09.0993 2768 McTaskManager (9df3a434657512b31549f8d20affad5f) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
08:34:10.0009 2768 McTaskManager - ok
08:34:10.0087 2768 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:34:10.0103 2768 Mcx2Svc - ok
08:34:10.0118 2768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:34:10.0134 2768 megasas - ok
08:34:10.0149 2768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:34:10.0165 2768 MegaSR - ok
08:34:10.0196 2768 mfeapfk (4dea3f2dc347dea7cb4535680c0e03f1) C:\Windows\system32\drivers\mfeapfk.sys
08:34:10.0196 2768 mfeapfk - ok
08:34:10.0212 2768 mfeavfk (e555fed8762cbee0a91c47450f81654e) C:\Windows\system32\drivers\mfeavfk.sys
08:34:10.0227 2768 mfeavfk - ok
08:34:10.0259 2768 mfehidk (f3ce7173922b89cfa909695a489a0e9e) C:\Windows\system32\drivers\mfehidk.sys
08:34:10.0274 2768 mfehidk - ok
08:34:10.0305 2768 mferkdet (a4f8465b956571ab296eb70c167754db) C:\Windows\system32\drivers\mferkdet.sys
08:34:10.0305 2768 mferkdet - ok
08:34:10.0321 2768 mfetdik (4339aee8f042ecb4292cd36d84a7cc2f) C:\Windows\system32\drivers\mfetdik.sys
08:34:10.0321 2768 mfetdik - ok
08:34:10.0337 2768 mfevtp (dbeb6c9c637703c51356f5a1c932ff51) C:\Windows\system32\mfevtps.exe
08:34:10.0352 2768 mfevtp - ok
08:34:10.0446 2768 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:34:10.0461 2768 Microsoft Office Groove Audit Service - ok
08:34:10.0477 2768 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:34:10.0524 2768 MMCSS - ok
08:34:10.0555 2768 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:34:10.0586 2768 Modem - ok
08:34:10.0633 2768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:34:10.0649 2768 monitor - ok
08:34:10.0695 2768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:34:10.0711 2768 mouclass - ok
08:34:10.0727 2768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:34:10.0742 2768 mouhid - ok
08:34:10.0773 2768 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:34:10.0789 2768 mountmgr - ok
08:34:10.0836 2768 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:34:10.0851 2768 MozillaMaintenance - ok
08:34:10.0883 2768 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:34:10.0883 2768 mpio - ok
08:34:10.0914 2768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:34:10.0945 2768 mpsdrv - ok
08:34:10.0992 2768 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:34:11.0007 2768 MRxDAV - ok
08:34:11.0039 2768 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:34:11.0070 2768 mrxsmb - ok
08:34:11.0117 2768 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:34:11.0148 2768 mrxsmb10 - ok
08:34:11.0148 2768 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:34:11.0163 2768 mrxsmb20 - ok
08:34:11.0195 2768 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:34:11.0195 2768 msahci - ok
08:34:11.0273 2768 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
08:34:11.0288 2768 MSCamSvc - ok
08:34:11.0319 2768 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:34:11.0319 2768 msdsm - ok
08:34:11.0335 2768 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:34:11.0351 2768 MSDTC - ok
08:34:11.0382 2768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:34:11.0413 2768 Msfs - ok
08:34:11.0444 2768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:34:11.0475 2768 mshidkmdf - ok
08:34:11.0507 2768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:34:11.0522 2768 msisadrv - ok
08:34:11.0585 2768 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:34:11.0616 2768 MSiSCSI - ok
08:34:11.0616 2768 msiserver - ok
08:34:11.0663 2768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:34:11.0694 2768 MSKSSRV - ok
08:34:11.0725 2768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:34:11.0741 2768 MSPCLOCK - ok
08:34:11.0756 2768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:34:11.0787 2768 MSPQM - ok
08:34:11.0834 2768 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:34:11.0850 2768 MsRPC - ok
08:34:11.0865 2768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:34:11.0865 2768 mssmbios - ok
08:34:11.0881 2768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:34:11.0912 2768 MSTEE - ok
08:34:11.0912 2768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:34:11.0928 2768 MTConfig - ok
08:34:11.0959 2768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:34:11.0975 2768 Mup - ok
08:34:12.0021 2768 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:34:12.0068 2768 napagent - ok
08:34:12.0099 2768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:34:12.0131 2768 NativeWifiP - ok
08:34:12.0209 2768 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:34:12.0224 2768 NDIS - ok
08:34:12.0240 2768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:34:12.0271 2768 NdisCap - ok
08:34:12.0302 2768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:34:12.0318 2768 NdisTapi - ok
08:34:12.0349 2768 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:34:12.0380 2768 Ndisuio - ok
08:34:12.0411 2768 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:34:12.0443 2768 NdisWan - ok
08:34:12.0489 2768 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:34:12.0536 2768 NDProxy - ok
08:34:12.0552 2768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:34:12.0583 2768 NetBIOS - ok
08:34:12.0614 2768 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:34:12.0645 2768 NetBT - ok
08:34:12.0661 2768 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:34:12.0661 2768 Netlogon - ok
08:34:12.0723 2768 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:34:12.0770 2768 Netman - ok
08:34:12.0879 2768 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:34:12.0879 2768 NetMsmqActivator - ok
08:34:12.0895 2768 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:34:12.0895 2768 NetPipeActivator - ok
08:34:12.0942 2768 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:34:12.0973 2768 netprofm - ok
08:34:12.0973 2768 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:34:12.0973 2768 NetTcpActivator - ok
08:34:12.0989 2768 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:34:12.0989 2768 NetTcpPortSharing - ok
08:34:13.0051 2768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:34:13.0051 2768 nfrd960 - ok
08:34:13.0098 2768 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:34:13.0129 2768 NlaSvc - ok
08:34:13.0145 2768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:34:13.0160 2768 Npfs - ok
08:34:13.0176 2768 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:34:13.0191 2768 nsi - ok
08:34:13.0207 2768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:34:13.0238 2768 nsiproxy - ok
08:34:13.0347 2768 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:34:13.0379 2768 Ntfs - ok
08:34:13.0441 2768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:34:13.0472 2768 Null - ok
08:34:13.0503 2768 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:34:13.0519 2768 nvraid - ok
08:34:13.0550 2768 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:34:13.0566 2768 nvstor - ok
08:34:13.0597 2768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:34:13.0613 2768 nv_agp - ok
08:34:13.0706 2768 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:34:13.0722 2768 odserv - ok
08:34:13.0753 2768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:34:13.0784 2768 ohci1394 - ok
08:34:13.0847 2768 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:34:13.0862 2768 ose - ok
08:34:13.0893 2768 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:34:13.0940 2768 p2pimsvc - ok
08:34:13.0971 2768 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:34:13.0987 2768 p2psvc - ok
08:34:14.0003 2768 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:34:14.0018 2768 Parport - ok
08:34:14.0049 2768 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:34:14.0049 2768 partmgr - ok
08:34:14.0081 2768 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:34:14.0096 2768 PcaSvc - ok
08:34:14.0127 2768 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:34:14.0127 2768 pci - ok
08:34:14.0159 2768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:34:14.0159 2768 pciide - ok
08:34:14.0190 2768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:34:14.0190 2768 pcmcia - ok
08:34:14.0237 2768 PCTBD (bb0d5cc3474367a918f463366742afe9) C:\Windows\system32\Drivers\PCTBD64.sys
08:34:14.0252 2768 PCTBD - ok
08:34:14.0299 2768 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
08:34:14.0315 2768 PCTCore - ok
08:34:14.0377 2768 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
08:34:14.0393 2768 pctDS - ok
08:34:14.0455 2768 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
08:34:14.0486 2768 pctEFA - ok
08:34:14.0533 2768 PCTSD (577f20ebf1e42bebb238e2412b99c7ee) C:\Windows\system32\Drivers\PCTSD64.sys
08:34:14.0549 2768 PCTSD - ok
08:34:14.0549 2768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:34:14.0549 2768 pcw - ok
08:34:14.0611 2768 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
08:34:14.0611 2768 PDFProFiltSrvPP - ok
08:34:14.0642 2768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:34:14.0705 2768 PEAUTH - ok
08:34:14.0736 2768 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:34:14.0751 2768 PerfHost - ok
08:34:14.0829 2768 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:34:14.0876 2768 pla - ok
08:34:14.0907 2768 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:34:14.0954 2768 PlugPlay - ok
08:34:14.0970 2768 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:34:14.0985 2768 PNRPAutoReg - ok
08:34:15.0017 2768 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:34:15.0032 2768 PNRPsvc - ok
08:34:15.0063 2768 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:34:15.0095 2768 PolicyAgent - ok
08:34:15.0126 2768 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:34:15.0173 2768 Power - ok
08:34:15.0251 2768 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:34:15.0282 2768 PptpMiniport - ok
08:34:15.0313 2768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:34:15.0329 2768 Processor - ok
08:34:15.0360 2768 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:34:15.0391 2768 ProfSvc - ok
08:34:15.0407 2768 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:34:15.0422 2768 ProtectedStorage - ok
08:34:15.0469 2768 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:34:15.0485 2768 Psched - ok
08:34:15.0516 2768 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:34:15.0531 2768 PxHlpa64 - ok
08:34:15.0594 2768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:34:15.0625 2768 ql2300 - ok
08:34:15.0703 2768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:34:15.0703 2768 ql40xx - ok
08:34:15.0734 2768 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:34:15.0765 2768 QWAVE - ok
08:34:15.0781 2768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:34:15.0797 2768 QWAVEdrv - ok
08:34:15.0859 2768 radpms (58435613c2537715a9423597ec6635cc) C:\Windows\system32\DRIVERS\radpms.sys
08:34:15.0875 2768 radpms - ok
08:34:15.0890 2768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:34:15.0906 2768 RasAcd - ok
08:34:15.0937 2768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:34:15.0968 2768 RasAgileVpn - ok
08:34:15.0984 2768 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:34:16.0015 2768 RasAuto - ok
08:34:16.0046 2768 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:34:16.0062 2768 Rasl2tp - ok
08:34:16.0109 2768 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:34:16.0140 2768 RasMan - ok
08:34:16.0155 2768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:34:16.0187 2768 RasPppoe - ok
08:34:16.0218 2768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:34:16.0233 2768 RasSstp - ok
08:34:16.0265 2768 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:34:16.0280 2768 rdbss - ok
08:34:16.0311 2768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:34:16.0327 2768 rdpbus - ok
08:34:16.0343 2768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:34:16.0374 2768 RDPCDD - ok
08:34:16.0405 2768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:34:16.0436 2768 RDPENCDD - ok
08:34:16.0452 2768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:34:16.0467 2768 RDPREFMP - ok
08:34:16.0514 2768 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:34:16.0530 2768 RDPWD - ok
08:34:16.0577 2768 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:34:16.0577 2768 rdyboost - ok
08:34:16.0639 2768 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:34:16.0670 2768 RemoteAccess - ok
08:34:16.0701 2768 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:34:16.0717 2768 RemoteRegistry - ok
08:34:16.0857 2768 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
08:34:16.0889 2768 RoxMediaDB10 - ok
08:34:16.0904 2768 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:34:16.0935 2768 RpcEptMapper - ok
08:34:16.0951 2768 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:34:16.0967 2768 RpcLocator - ok
08:34:17.0013 2768 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
08:34:17.0029 2768 RpcSs - ok
08:34:17.0060 2768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:34:17.0107 2768 rspndr - ok
08:34:17.0107 2768 RxFilter - ok
08:34:17.0123 2768 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:34:17.0138 2768 SamSs - ok
08:34:17.0169 2768 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:34:17.0185 2768 sbp2port - ok
08:34:17.0216 2768 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:34:17.0247 2768 SCardSvr - ok
08:34:17.0263 2768 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:34:17.0294 2768 scfilter - ok
08:34:17.0357 2768 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:34:17.0419 2768 Schedule - ok
08:34:17.0450 2768 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:34:17.0466 2768 SCPolicySvc - ok
08:34:17.0559 2768 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
08:34:17.0575 2768 sdAuxService - ok
08:34:17.0622 2768 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
08:34:17.0653 2768 sdCoreService - ok
08:34:17.0731 2768 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:34:17.0778 2768 SDRSVC - ok
08:34:17.0793 2768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:34:17.0825 2768 secdrv - ok
08:34:17.0856 2768 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:34:17.0887 2768 seclogon - ok
08:34:17.0918 2768 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:34:17.0949 2768 SENS - ok
08:34:17.0981 2768 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:34:18.0012 2768 SensrSvc - ok
08:34:18.0012 2768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:34:18.0043 2768 Serenum - ok
08:34:18.0043 2768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:34:18.0059 2768 Serial - ok
08:34:18.0090 2768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:34:18.0105 2768 sermouse - ok
08:34:18.0121 2768 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:34:18.0168 2768 SessionEnv - ok
08:34:18.0183 2768 SessionLauncher - ok
08:34:18.0215 2768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:34:18.0246 2768 sffdisk - ok
08:34:18.0277 2768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:34:18.0277 2768 sffp_mmc - ok
08:34:18.0293 2768 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:34:18.0324 2768 sffp_sd - ok
08:34:18.0339 2768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:34:18.0355 2768 sfloppy - ok
08:34:18.0417 2768 SftService (cf53dcce55e500f51089774e851e7363) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:34:18.0433 2768 SftService - ok
08:34:18.0464 2768 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:34:18.0511 2768 SharedAccess - ok
08:34:18.0558 2768 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:34:18.0605 2768 ShellHWDetection - ok
08:34:18.0636 2768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:34:18.0636 2768 SiSRaid2 - ok
08:34:18.0651 2768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:34:18.0667 2768 SiSRaid4 - ok
08:34:18.0714 2768 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
08:34:18.0729 2768 SkypeUpdate - ok
08:34:18.0745 2768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:34:18.0792 2768 Smb - ok
08:34:18.0823 2768 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:34:18.0839 2768 SNMPTRAP - ok
08:34:18.0839 2768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:34:18.0854 2768 spldr - ok
08:34:18.0870 2768 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:34:18.0901 2768 Spooler - ok
08:34:19.0041 2768 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:34:19.0119 2768 sppsvc - ok
08:34:19.0182 2768 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:34:19.0213 2768 sppuinotify - ok
08:34:19.0275 2768 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
08:34:19.0275 2768 sprtsvc_DellSupportCenter - ok
08:34:19.0338 2768 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:34:19.0369 2768 srv - ok
08:34:19.0400 2768 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:34:19.0431 2768 srv2 - ok
08:34:19.0431 2768 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:34:19.0447 2768 srvnet - ok
08:34:19.0494 2768 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:34:19.0525 2768 SSDPSRV - ok
08:34:19.0556 2768 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:34:19.0572 2768 SstpSvc - ok
08:34:19.0587 2768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:34:19.0587 2768 stexstor - ok
08:34:19.0619 2768 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
08:34:19.0650 2768 StillCam - ok
08:34:19.0697 2768 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:34:19.0759 2768 stisvc - ok
08:34:19.0806 2768 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:34:19.0821 2768 stllssvr - ok
08:34:19.0853 2768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:34:19.0868 2768 swenum - ok
08:34:19.0899 2768 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:34:19.0946 2768 swprv - ok
08:34:20.0055 2768 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:34:20.0102 2768 SysMain - ok
08:34:20.0165 2768 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:34:20.0180 2768 TabletInputService - ok
08:34:20.0211 2768 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:34:20.0258 2768 TapiSrv - ok
08:34:20.0274 2768 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:34:20.0305 2768 TBS - ok
08:34:20.0399 2768 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:34:20.0445 2768 Tcpip - ok
08:34:20.0539 2768 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:34:20.0570 2768 TCPIP6 - ok
08:34:20.0617 2768 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:34:20.0664 2768 tcpipreg - ok
08:34:20.0679 2768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:34:20.0711 2768 TDPIPE - ok
08:34:20.0742 2768 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:34:20.0773 2768 TDTCP - ok
08:34:20.0804 2768 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:34:20.0835 2768 tdx - ok
08:34:20.0835 2768 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:34:20.0851 2768 TermDD - ok
08:34:20.0882 2768 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:34:20.0929 2768 TermService - ok
08:34:20.0945 2768 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:34:20.0976 2768 Themes - ok
08:34:21.0007 2768 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:34:21.0038 2768 THREADORDER - ok
08:34:21.0038 2768 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:34:21.0069 2768 TrkWks - ok
08:34:21.0116 2768 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:34:21.0163 2768 TrustedInstaller - ok
08:34:21.0194 2768 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:34:21.0225 2768 tssecsrv - ok
08:34:21.0241 2768 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:34:21.0272 2768 TsUsbFlt - ok
08:34:21.0303 2768 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:34:21.0350 2768 tunnel - ok
08:34:21.0366 2768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:34:21.0366 2768 uagp35 - ok
08:34:21.0413 2768 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:34:21.0444 2768 udfs - ok
08:34:21.0459 2768 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:34:21.0475 2768 UI0Detect - ok
08:34:21.0475 2768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:34:21.0491 2768 uliagpkx - ok
08:34:21.0537 2768 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:34:21.0553 2768 umbus - ok
08:34:21.0569 2768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:34:21.0584 2768 UmPass - ok
08:34:21.0600 2768 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:34:21.0647 2768 upnphost - ok
08:34:21.0693 2768 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:34:21.0709 2768 USBAAPL64 - ok
08:34:21.0756 2768 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:34:21.0771 2768 usbaudio - ok
08:34:21.0787 2768 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
08:34:21.0818 2768 usbccgp - ok
08:34:21.0881 2768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:34:21.0881 2768 usbcir - ok
08:34:21.0896 2768 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:34:21.0927 2768 usbehci - ok
08:34:21.0959 2768 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:34:21.0974 2768 usbhub - ok
08:34:21.0990 2768 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:34:21.0990 2768 usbohci - ok
08:34:22.0005 2768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:34:22.0021 2768 usbprint - ok
08:34:22.0068 2768 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:34:22.0083 2768 usbscan - ok
08:34:22.0083 2768 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:34:22.0130 2768 USBSTOR - ok
08:34:22.0146 2768 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:34:22.0161 2768 usbuhci - ok
08:34:22.0208 2768 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:34:22.0208 2768 usbvideo - ok
08:34:22.0224 2768 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:34:22.0255 2768 UxSms - ok
08:34:22.0286 2768 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:34:22.0286 2768 VaultSvc - ok
08:34:22.0302 2768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:34:22.0302 2768 vdrvroot - ok
08:34:22.0349 2768 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:34:22.0395 2768 vds - ok
08:34:22.0427 2768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:34:22.0442 2768 vga - ok
08:34:22.0442 2768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:34:22.0489 2768 VgaSave - ok
08:34:22.0520 2768 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:34:22.0536 2768 vhdmp - ok
08:34:22.0567 2768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:34:22.0583 2768 viaide - ok
08:34:22.0598 2768 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:34:22.0598 2768 volmgr - ok
08:34:22.0645 2768 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:34:22.0661 2768 volmgrx - ok
08:34:22.0676 2768 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:34:22.0692 2768 volsnap - ok
08:34:22.0707 2768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:34:22.0723 2768 vsmraid - ok
08:34:22.0817 2768 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:34:22.0863 2768 VSS - ok
08:34:22.0926 2768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:34:22.0941 2768 vwifibus - ok
08:34:22.0988 2768 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:34:23.0019 2768 W32Time - ok
08:34:23.0019 2768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:34:23.0051 2768 WacomPen - ok
08:34:23.0066 2768 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:34:23.0097 2768 WANARP - ok
08:34:23.0113 2768 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:34:23.0129 2768 Wanarpv6 - ok
08:34:23.0238 2768 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:34:23.0269 2768 WatAdminSvc - ok
08:34:23.0347 2768 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:34:23.0394 2768 wbengine - ok
08:34:23.0425 2768 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:34:23.0441 2768 WbioSrvc - ok
08:34:23.0487 2768 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:34:23.0534 2768 wcncsvc - ok
08:34:23.0550 2768 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:34:23.0581 2768 WcsPlugInService - ok
08:34:23.0597 2768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:34:23.0612 2768 Wd - ok
08:34:23.0628 2768 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
08:34:23.0659 2768 WDC_SAM - ok
08:34:23.0690 2768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:34:23.0706 2768 Wdf01000 - ok
08:34:23.0721 2768 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:34:23.0768 2768 WdiServiceHost - ok
08:34:23.0768 2768 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:34:23.0784 2768 WdiSystemHost - ok
08:34:23.0831 2768 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:34:23.0846 2768 WebClient - ok
08:34:23.0862 2768 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:34:23.0893 2768 Wecsvc - ok
08:34:23.0924 2768 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:34:23.0971 2768 wercplsupport - ok
08:34:23.0987 2768 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:34:24.0033 2768 WerSvc - ok
08:34:24.0049 2768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:34:24.0080 2768 WfpLwf - ok
08:34:24.0127 2768 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:34:24.0127 2768 WimFltr - ok
08:34:24.0143 2768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:34:24.0158 2768 WIMMount - ok
08:34:24.0158 2768 WinDefend - ok
08:34:24.0174 2768 WinHttpAutoProxySvc - ok
08:34:24.0221 2768 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:34:24.0252 2768 Winmgmt - ok
08:34:24.0361 2768 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:34:24.0455 2768 WinRM - ok
08:34:24.0548 2768 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:34:24.0564 2768 WinUsb - ok
08:34:24.0611 2768 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:34:24.0626 2768 Wlansvc - ok
08:34:24.0813 2768 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:34:24.0860 2768 wlidsvc - ok
08:34:24.0923 2768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:34:24.0923 2768 WmiAcpi - ok
08:34:24.0954 2768 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:34:24.0969 2768 wmiApSrv - ok
08:34:25.0016 2768 WMPNetworkSvc - ok
08:34:25.0032 2768 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:34:25.0047 2768 WPCSvc - ok
08:34:25.0079 2768 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:34:25.0094 2768 WPDBusEnum - ok
08:34:25.0110 2768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:34:25.0141 2768 ws2ifsl - ok
08:34:25.0188 2768 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:34:25.0203 2768 wscsvc - ok
08:34:25.0203 2768 WSearch - ok
08:34:25.0344 2768 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:34:25.0406 2768 wuauserv - ok
08:34:25.0469 2768 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:34:25.0500 2768 WudfPf - ok
08:34:25.0547 2768 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:34:25.0562 2768 WUDFRd - ok
08:34:25.0609 2768 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:34:25.0625 2768 wudfsvc - ok
08:34:25.0656 2768 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:34:25.0687 2768 WwanSvc - ok
08:34:25.0781 2768 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:34:25.0796 2768 YahooAUService - ok
08:34:25.0812 2768 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:34:26.0061 2768 \Device\Harddisk0\DR0 - ok
08:34:26.0108 2768 MBR (0x1B8) (4c174fe99672b3a91fda305d2eb1efed) \Device\Harddisk5\DR5
08:34:27.0169 2768 \Device\Harddisk5\DR5 - ok
08:34:27.0169 2768 Boot (0x1200) (21a5d2aec3facc30de13cc3a22036453) \Device\Harddisk0\DR0\Partition0
08:34:27.0169 2768 \Device\Harddisk0\DR0\Partition0 - ok
08:34:27.0185 2768 Boot (0x1200) (7425740b333582ab019a8dd8a7b58960) \Device\Harddisk0\DR0\Partition1
08:34:27.0185 2768 \Device\Harddisk0\DR0\Partition1 - ok
08:34:27.0185 2768 Boot (0x1200) (aa36d1e876665a9e4f7cb9286757e104) \Device\Harddisk5\DR5\Partition0
08:34:27.0185 2768 \Device\Harddisk5\DR5\Partition0 - ok
08:34:27.0200 2768 ============================================================
08:34:27.0200 2768 Scan finished
08:34:27.0200 2768 ============================================================
08:34:27.0200 2652 Detected object count: 0
08:34:27.0200 2652 Actual detected object count: 0

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 08:36:03
-----------------------------
08:36:03.515 OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:03.515 Number of processors: 6 586 0xA00
08:36:03.515 ComputerName: NICK-PC UserName: nick
08:36:04.607 Initialize success
08:36:43.201 AVAST engine defs: 12070300
08:36:57.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
08:36:57.148 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
08:36:57.163 Disk 0 MBR read successfully
08:36:57.163 Disk 0 MBR scan
08:36:57.163 Disk 0 Windows VISTA default MBR code
08:36:57.163 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:36:57.179 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10842 MB offset 81920
08:36:57.179 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942977 MB offset 22286336
08:36:57.195 Disk 0 scanning C:\Windows\system32\drivers
08:37:05.104 Service scanning
08:37:09.675 Service FastUserSwitchingCompatibility C:\Windows\C:\Windows\system32\FastUserSwitchingCompatibilityex.dll **LOCKED** 123
08:37:21.000 Modules scanning
08:37:21.000 Disk 0 trace - called modules:
08:37:21.016 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys amdxata.sys storport.sys hal.dll amdsata.sys
08:37:21.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800625e060]
08:37:21.031 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80060b1cf0]
08:37:21.031 5 PCTCore64.sys[fffff8800115e720] -> nt!IofCallDriver -> [0xfffffa8005fbf040]
08:37:21.047 7 amdxata.sys[fffff8800106d7a8] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8005fad060]
08:37:22.560 AVAST engine scan C:\Windows
08:37:25.821 AVAST engine scan C:\Windows\system32
08:39:55.284 AVAST engine scan C:\Windows\system32\drivers
08:40:18.581 AVAST engine scan C:\Users\nick
08:55:38.638 AVAST engine scan C:\ProgramData
08:56:53.274 Scan finished successfully
08:58:14.492 Disk 0 MBR has been saved successfully to "C:\Users\nick\Desktop\antimalware stuff\MBR.dat"
08:58:14.492 The log file has been saved successfully to "C:\Users\nick\Desktop\antimalware stuff\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 July 2012 - 01:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\nick\AppData\Local\Ilivid Player
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\ConduitEngine

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

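An added example, not part of the thread or of ComboFix: a small Python checker that reads autorun and service lines in the ComboFix report format used in this thread and flags entries that point into a temp folder, sit under the Policies\Explorer\Run key, carry a bare numeric value name, or are tagged [x] (assumed here to mean the file is absent on disk). The sample lines are copied from the report in the next post and trimmed; the heuristics are this example's own, not ComboFix's.

```python
"""Flag suspicious autorun entries in a ComboFix 'Reg Loading Points' dump.

Added example; the parsing rules and the suspicion heuristics are this
example's own assumptions, not ComboFix logic.
"""
import re
from typing import Dict, List

# "name"="path" [date size]  or  "name"="path" [BU]
AUTORUN_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]*)"\s*(?:\[(?P<tag>[^\]]*)\])?\s*$')
# R2 name;display name;path [date size]  or  ... [x]
SERVICE_RE = re.compile(
    r'^[RS][0-4]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')

# Locations a legitimate autorun almost never points into (8.3 short names included).
TEMP_PATTERNS = [
    re.compile(r'\\temp\\', re.I),
    re.compile(r'\\locals~1\\', re.I),              # "Local Settings" short name
    re.compile(r'\\programdata\\local settings\\', re.I),
    re.compile(r'\\progra~3\\', re.I),              # C:\ProgramData short name
]
# Policy Run key: rarely used by ordinary software, popular with malware.
POLICY_RUN = re.compile(r'\\policies\\explorer\\run$', re.I)

# Constructed sample: lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"31375"="c:\progra~3\LOCALS~1\Temp\msiszuuu.com" [BU]
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-02 86224]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
"""


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per autorun value or service line, with the enclosing key."""
    entries: List[Dict[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")          # remember the key for the values that follow
            continue
        m = AUTORUN_RE.match(line)
        if m:
            entries.append({"kind": "autorun", "key": key, "name": m.group("name"),
                            "path": m.group("path"), "tag": m.group("tag") or ""})
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "key": "", "name": m.group("name"),
                            "path": m.group("path"), "tag": m.group("tag") or ""})
    return entries


def reasons_for(entry: Dict[str, str]) -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons = []
    if any(p.search(entry["path"]) for p in TEMP_PATTERNS):
        reasons.append("target is under a temp folder")
    if entry["kind"] == "autorun" and POLICY_RUN.search(entry["key"]):
        reasons.append("uses the Policies\\Explorer\\Run key")
    if entry["name"].isdigit():
        reasons.append("value name is a bare number")
    if entry["tag"] == "x":                # assumed meaning: file not found on disk
        reasons.append("file reported missing ([x])")
    return reasons


def find_suspicious(text: str) -> List[Dict[str, object]]:
    """Entries from the report that triggered at least one heuristic."""
    hits: List[Dict[str, object]] = []
    for entry in parse_report(text):
        reasons = reasons_for(entry)
        if reasons:
            hits.append(dict(entry, reasons=reasons))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):     # → 31375 and SessionLauncher
        print(f'{hit["name"]}: {hit["path"]}\n    ' + "; ".join(hit["reasons"]))
```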

#9 njames83 (Topic Starter, Members, 14 posts)

Posted 03 July 2012 - 02:15 PM

OK, so after I was waiting for your last response the virus popped up that says my hard disk is bad and system failure with like 35 windows, and it removed some icons from my desktop and start menu. Below I'm posting the ComboFix with the CFScript and also the latest Malwarebytes scan.


Combofix with CFScript

ComboFix 12-06-28.03 - nick 07/03/2012 15:03:50.5.6 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4477 [GMT -4:00]
Running from: c:\users\nick\Desktop\antimalware stuff\ComboFix.exe
Command switches used :: c:\users\nick\Desktop\antimalware stuff\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\INSTALL.LOG
c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\tbBitT.dll
c:\program files (x86)\BitTorrentBar\toolbar.cfg
c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar\UNWISE.EXE
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\programdata\biiWPEJPdbnXvw.exe
c:\users\nick\AppData\Local\assembly\tmp
c:\users\nick\AppData\Local\Ilivid Player
c:\users\nick\AppData\Local\Ilivid Player\script.qscript
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 19:07 . 2012-07-03 19:07 -------- d-----w- c:\users\njames\AppData\Local\temp
2012-07-03 19:07 . 2012-07-03 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 14:27 . 2012-07-01 14:27 -------- d-----w- c:\users\nick\AppData\Roaming\Curiolab
2012-07-01 12:52 . 2012-07-01 12:52 -------- d-----w- C:\_OTL
2012-07-01 12:46 . 2012-07-01 14:31 -------- d-----w- c:\program files (x86)\Exterminate It!
2012-07-01 01:13 . 2012-07-01 01:13 -------- d-----w- c:\users\nick\AppData\Roaming\Avira
2012-07-01 01:11 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-01 01:11 . 2012-07-02 01:14 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-01 01:11 . 2012-07-02 01:14 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-01 01:11 . 2012-07-01 01:11 -------- d-----w- c:\programdata\Avira
2012-07-01 01:11 . 2012-07-01 01:11 -------- d-----w- c:\program files (x86)\Avira
2012-07-01 00:36 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-01 00:36 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-01 00:36 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-01 00:33 . 2012-07-01 00:33 -------- d-----w- c:\users\nick\AppData\Roaming\TestApp
2012-06-30 23:24 . 2012-06-30 23:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-30 22:58 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-30 22:48 . 2012-06-30 22:48 290142936 ----a-w- C:\regbackup.reg
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\users\nick\AppData\Roaming\Simply Super Software
2012-06-30 22:35 . 2003-02-03 00:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-06-30 22:35 . 2002-03-06 05:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-06-30 22:35 . 2012-06-30 22:35 -------- d-----w- c:\programdata\Simply Super Software
2012-06-30 20:10 . 2012-07-01 12:50 -------- d-----w- c:\users\nick\AppData\Roaming\Ufywuw
2012-06-30 20:10 . 2012-06-30 20:10 -------- d-----w- c:\users\nick\AppData\Roaming\Rabuy
2012-06-30 20:10 . 2012-06-30 20:10 -------- d-----w- c:\programdata\Local Settings
2012-06-30 17:21 . 2012-06-30 17:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-30 17:10 . 2012-06-30 17:10 -------- d-----w- c:\users\nick\php
2012-06-29 08:21 . 2012-06-29 08:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\offreg.dll
2012-06-29 06:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E56A3A-02AD-40EB-877D-8AF0EE7EDD72}\mpengine.dll
2012-06-24 17:23 . 2012-06-24 17:23 -------- d-----w- c:\users\nick\AppData\Local\Macromedia
2012-06-22 10:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:26 . 2012-06-20 21:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 21:26 . 2012-06-20 21:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-20 20:34 . 2012-06-26 22:46 -------- d-----w- c:\users\nick\AppData\Roaming\Windows Live Writer
2012-06-20 20:34 . 2012-06-20 20:34 -------- d-----w- c:\users\nick\AppData\Local\Windows Live Writer
2012-06-20 15:36 . 2012-06-20 15:36 -------- d-----w- c:\windows\en
2012-06-20 15:32 . 2012-06-20 15:32 -------- d-----w- c:\program files\Windows Live
2012-06-20 15:28 . 2012-06-20 15:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DSETUP.dll
2012-06-20 15:28 . 2012-06-20 15:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\DXSETUP.exe
2012-06-20 15:28 . 2012-06-20 15:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4da9d2781cd4ef912\dsetup32.dll
2012-06-13 07:00 . 2012-05-18 01:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-12 22:05 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:05 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 13:28 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-23 13:27 . 2012-05-06 15:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:27 . 2012-05-06 15:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 15:31 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-14 15:03 . 2012-07-01 00:36 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-01 00:36 131 ----a-w- c:\windows\IDB.zip
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-02_17.16.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-22 19:09 . 2012-07-01 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 19:09 . 2012-07-03 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-30 22:01 . 2012-07-03 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-30 22:01 . 2012-07-01 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-03 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-03 18:01 . 2012-07-03 18:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 15:33 . 2012-07-02 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 15:33 . 2012-07-02 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 18:01 . 2012-07-03 18:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-03 13:53 734572 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 13:53 146324 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-23 39408]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-30 1240848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-05-21 18240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"31375"="c:\progra~3\LOCALS~1\Temp\msiszuuu.com" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-02 86224]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 75656]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-25 116752]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 75800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-12-08 14944]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 13:27]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 01:18]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 01:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-Locked - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
Wow6432Node-HKLM-Run-biiWPEJPdbnXvw.exe - c:\programdata\biiWPEJPdbnXvw.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-03 15:09:39
ComboFix-quarantined-files.txt 2012-07-03 19:09
ComboFix2.txt 2012-07-02 17:17
ComboFix3.txt 2012-07-01 14:03
ComboFix4.txt 2012-07-01 13:52
ComboFix5.txt 2012-07-03 19:02
.
Pre-Run: 829,387,112,448 bytes free
Post-Run: 829,684,830,208 bytes free
.
- - End Of File - - DA41E427373A03D7088B61861E3C2AA9
Malwarebytes scan


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
nick :: NICK-PC [administrator]

7/3/2012 2:07:25 PM
mbam-log-2012-07-03 (14-07-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426981
Time elapsed: 42 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|31375 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
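The value Malwarebytes keeps reporting above lives under Policies\Explorer\Run and its data is an 8.3 short path into a Temp directory under ProgramData; when a cleaner deletes such a value and it comes back on the next scan, something that is still running, or that starts with the system, is rewriting it. The PowerShell below is an added triage helper, not part of this thread and not code from Malwarebytes, ComboFix or OTL. It enumerates the common Run and Policies\Explorer\Run locations, resolves each command to its image, records whether the file exists, its Authenticode status and SHA-256, flags targets in temp-style directories or with .com/.scr/.pif extensions, and registers a WMI watch on one value so you can tell whether it is being re-created after removal. The key list, the "suspicious" heuristic and the function names are this example's own assumptions; the default key and value name mirror the log above. It assumes Windows PowerShell 2.0 or later run from an elevated prompt on the affected host.

```powershell
# Added triage helper for a recurring autorun value. Not from the original thread
# or from any tool named in it. Assumes Windows PowerShell 2.0+ in an elevated
# session on the affected host; key list and heuristic below are this example's own.

$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandImagePath {
    # Extract the executable from a Run value, whether quoted ("C:\a b\x.exe" /q)
    # or bare (C:\a\x.com arg), then expand %VAR% references.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $cmd = ($cmd -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

function Get-AutorunTriage {
    # One record per autorun value: where it lives, what it points at, whether the
    # target exists, how it is signed, and whether it sits somewhere a trusted
    # installer would not normally leave a startup binary.
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $raw  = [string]$item.GetValue($name, '',
                        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $path = Get-CommandImagePath $raw
            $exists = ($path -ne '') -and (Test-Path -LiteralPath $path -PathType Leaf)
            $long = $path; $status = 'n/a'; $sha256 = 'n/a'
            if ($exists) {
                $file = Get-Item -LiteralPath $path   # provider resolves PROGRA~3-style names
                $long = $file.FullName
                $status = (Get-AuthenticodeSignature -FilePath $long).Status
                $stream = $file.OpenRead()
                try {
                    $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream)
                    $sha256 = ([BitConverter]::ToString($hash)) -replace '-', ''
                } finally { $stream.Close() }
            }
            # Heuristic (assumption): temp/profile locations, missing files and
            # DOS-era extensions used for autorun binaries warrant a closer look.
            $suspicious = (-not $exists) -or ($long -match '\\Temp\\') -or
                          ($long -match '\\ProgramData\\') -or ($long -match '\\AppData\\') -or
                          ($long -match '\.(com|scr|pif)$')
            New-Object PSObject -Property @{
                Key = $key; ValueName = $name; Command = $raw; ImagePath = $long
                Exists = $exists; Signature = $status; SHA256 = $sha256
                Suspicious = $suspicious
            }
        }
    }
}

function Register-AutorunValueWatch {
    # WMI RegistryValueChangeEvent fires whenever the named value is written, which
    # shows whether something re-creates it after cleanup. WMI registry events cover
    # HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_CONFIG, not HKEY_CURRENT_USER.
    param(
        [string]$KeyPath   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        [string]$ValueName = '31375'
    )
    $wql = "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " +
           "AND KeyPath='$($KeyPath.Replace('\', '\\'))' AND ValueName='$ValueName'"
    Register-WmiEvent -Namespace 'root\default' -Query $wql -SourceIdentifier 'AutorunWatch'
}

# Usage:
#   Get-AutorunTriage | Sort-Object Suspicious -Descending | Format-List
#   Register-AutorunValueWatch
#   Wait-Event -SourceIdentifier AutorunWatch | ForEach-Object { $_.TimeGenerated }
#   Unregister-Event -SourceIdentifier AutorunWatch
```

The watch tells you when the value is rewritten, not by which process; for attribution, run Sysinternals Process Monitor with a RegSetValue filter on that key path and leave it running across the interval in which the value reappears. Hash any flagged image before deleting it so the sample can be submitted or matched later.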

#10 gringo_pr

Posted 03 July 2012 - 04:10 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Proud Graduate Of Malware Removal University

#11 njames83 (Topic Starter)

Posted 03 July 2012 - 04:37 PM

OTL SCAN


OTL logfile created on: 7/3/2012 5:29:06 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\nick\Desktop\antimalware stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.23% Memory free
12.00 Gb Paging File | 10.56 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 772.76 Gb Free Space | 83.92% Space Free | Partition Type: NTFS
Drive I: | 122.10 Mb Total Space | 97.94 Mb Free Space | 80.21% Space Free | Partition Type: FAT

Computer Name: NICK-PC | User Name: nick | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\nick\Desktop\antimalware stuff\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (radpms) -- C:\Windows\SysNative\drivers\radpms.sys (LogMeIn, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{59FC0FB4-E38A-4A09-BF96-E0A2379482DC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{16DB95E6-5AC7-4CD5-A2E3-4D9176407BD7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120307200717188&tb_oid=07-03-2012&tb_mrud=07-03-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\nick\Desktop
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120307200717188&tb_oid=07-03-2012&tb_mrud=07-03-2012
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_enUS398
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-223829802-1462874175-969288105-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/08 15:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/30 20:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 17:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/07 16:06:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 17:26:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/07 16:06:55 | 000,000,000 | ---D | M]

[2012/01/09 17:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nick\AppData\Roaming\Mozilla\Extensions
[2012/06/08 16:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\extensions
[2012/06/07 11:48:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/07 16:07:38 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/01/17 04:45:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\extensions\ffxtlbr@babylon.com
[2012/05/27 17:08:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\c2dhnjb2.default\extensions\toolbar@ask.com
[2012/01/09 17:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/04 09:27:04 | 000,068,479 | ---- | M] () (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2DHNJB2.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
[2012/06/08 16:01:09 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2DHNJB2.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/06/20 17:26:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/17 04:45:36 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/20 17:26:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 17:26:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/03 15:08:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-223829802-1462874175-969288105-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-223829802-1462874175-969288105-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-223829802-1462874175-969288105-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-223829802-1462874175-969288105-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 31375 = C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-223829802-1462874175-969288105-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-223829802-1462874175-969288105-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-223829802-1462874175-969288105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-223829802-1462874175-969288105-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB3FDED3-D259-428E-B5AC-B7FC31D1C8BB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 17:27:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/03 15:09:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/02 04:16:47 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{040113F9-1029-4C51-8555-1236B9891BAF}
[2012/07/02 04:16:37 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{0B07B1F8-9754-4E67-9B33-8ECA2909CC66}
[2012/07/01 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{E2368FD3-66C2-4DF9-A835-374B15A1DD87}
[2012/07/01 15:42:27 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{73C2D7D9-AA93-4CC5-B823-71E5DA107A98}
[2012/07/01 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{7624019E-9150-45EA-BD78-B538F2705508}
[2012/07/01 15:41:55 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{0D1DF72C-2E57-44EE-B7A5-5611E2BD52BD}
[2012/07/01 10:27:06 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Curiolab
[2012/07/01 09:08:57 | 000,000,000 | ---D | C] -- C:\Users\nick\Desktop\antimalware stuff
[2012/07/01 08:52:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 08:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/07/01 08:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/06/30 21:13:37 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Avira
[2012/06/30 21:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/30 21:11:40 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/30 21:11:39 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/30 21:11:39 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/30 21:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/30 21:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/30 20:36:39 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/30 20:36:34 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/30 20:36:33 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/30 20:36:33 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/30 20:36:06 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/30 20:36:06 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/30 20:36:03 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/06/30 20:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/30 20:35:55 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/30 20:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/30 20:33:32 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/30 20:33:32 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/30 20:33:30 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/30 20:33:28 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/30 20:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/30 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/30 20:33:13 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\TestApp
[2012/06/30 19:24:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/30 18:58:39 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/06/30 18:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/30 18:35:36 | 000,000,000 | ---D | C] -- C:\Users\nick\Documents\Simply Super Software
[2012/06/30 18:35:36 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Simply Super Software
[2012/06/30 18:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/06/30 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/06/30 18:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/06/30 16:10:20 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Ufywuw
[2012/06/30 16:10:20 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Rabuy
[2012/06/30 16:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/06/30 13:21:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/30 13:10:20 | 000,000,000 | ---D | C] -- C:\Users\nick\php
[2012/06/29 17:48:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/29 17:48:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/29 17:48:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/29 17:38:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/29 17:33:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\nick\Desktop\aswMBR.com
[2012/06/29 12:36:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/29 04:42:11 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{00B7865E-3926-413A-9959-5097FC8678EE}
[2012/06/29 04:42:01 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{3E25CAF4-1348-4049-A5FC-0912E12EBE7E}
[2012/06/28 16:41:36 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{8379ACF7-FE2D-4475-9872-0964CAD09BCA}
[2012/06/28 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{1351613F-09BB-4402-B6B4-811DA845B4E9}
[2012/06/27 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{9529000D-65A4-4F4E-951F-C05B51DFE045}
[2012/06/27 04:40:25 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{18AF6DF1-2594-4120-AD84-3C90F31C44FF}
[2012/06/26 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{252928CE-F5C4-489D-A44A-859A981A85B8}
[2012/06/26 04:39:37 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{6244D029-29D7-433C-B42E-D976AAC0EFC5}
[2012/06/25 16:39:16 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{E265BF37-C413-4B2D-B5FB-44FACD631B3C}
[2012/06/25 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{63319092-17A7-4A1D-88C0-2D4F09080F0B}
[2012/06/24 16:38:29 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{8D698E9A-669C-49EF-A0A7-5E86EFB6D336}
[2012/06/24 13:23:03 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\Macromedia
[2012/06/24 04:38:04 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{7E974CA2-2545-407E-AFB3-C5606C29556D}
[2012/06/23 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{755E69C4-B1E7-4231-BA8D-D0EEFF79D371}
[2012/06/23 04:37:17 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{DA0DD8DF-A056-455E-8300-55142E6333FA}
[2012/06/22 16:36:53 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{C07023A8-C579-439D-AC0E-88AFA600E1AC}
[2012/06/22 06:29:43 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 06:29:43 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 06:29:43 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 06:29:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 06:29:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 06:29:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 06:29:06 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 06:29:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{D42A03FE-7608-4590-BE4C-ECDE22503198}
[2012/06/21 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{6788213E-C08D-4BA6-8D71-D955CD0D795A}
[2012/06/21 04:35:41 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{A3C7D3D9-E411-4B36-B7A2-2D0629E19B2C}
[2012/06/21 04:35:31 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{27B9DD60-579A-43E1-9EC4-BA61BFB6A17C}
[2012/06/20 16:34:47 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{BCF7DFC4-0E22-4705-8325-75FA7F3ED60E}
[2012/06/20 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{4975C16C-EB7A-4414-9C65-3FB00F3891B1}
[2012/06/20 16:34:23 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Roaming\Windows Live Writer
[2012/06/20 16:34:23 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\Windows Live Writer
[2012/06/20 11:42:25 | 000,000,000 | ---D | C] -- C:\Users\nick\AppData\Local\{09B42634-A4FD-43C1-BD2E-FED6D6081497}
[2012/06/20 11:36:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 11:36:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/20 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/13 03:01:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 03:01:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 03:01:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 03:01:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 03:01:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 03:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 03:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 03:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 03:00:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 03:00:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 03:00:56 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 03:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 03:00:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 18:05:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 18:05:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 18:05:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 18:04:53 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 18:04:52 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 18:04:52 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 18:04:46 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 18:04:41 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 18:04:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/07/03 15:08:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/03 14:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 14:04:15 | 536,317,951 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 14:01:26 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 14:00:56 | 002,128,109 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/03 09:53:23 | 000,734,572 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/03 09:53:23 | 000,733,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/03 09:53:23 | 000,146,324 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/02 11:05:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 10:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 09:41:17 | 000,000,000 | ---- | M] () -- C:\Users\nick\defogger_reenable
[2012/07/02 03:25:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 03:25:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 21:14:51 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/07/01 21:14:51 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/01 09:28:23 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/06/30 19:01:50 | 000,173,853 | ---- | M] () -- C:\Users\nick\AppData\Local\census.cache
[2012/06/30 19:01:47 | 000,156,602 | ---- | M] () -- C:\Users\nick\AppData\Local\ars.cache
[2012/06/30 18:58:19 | 000,000,036 | ---- | M] () -- C:\Users\nick\AppData\Local\housecall.guid.cache
[2012/06/30 18:48:21 | 290,142,936 | ---- | M] () -- C:\regbackup.reg
[2012/06/29 17:33:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\nick\Desktop\aswMBR.com
[2012/06/29 16:40:46 | 000,126,956 | ---- | M] () -- C:\Users\nick\.ranktracker.properties
[2012/06/23 19:40:35 | 000,195,841 | ---- | M] () -- C:\Users\nick\.spyglass.properties
[2012/06/23 09:27:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 09:27:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/14 12:31:22 | 002,267,096 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/14 12:31:22 | 001,681,368 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/14 12:31:22 | 000,149,464 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/14 12:31:00 | 000,767,960 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012/06/14 11:03:42 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012/06/14 11:03:42 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012/06/14 11:03:42 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012/06/14 11:03:42 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2012/06/13 03:29:12 | 000,466,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/05 03:37:22 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

========== Files Created - No Company Name ==========

[2012/07/03 14:19:00 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/03 14:19:00 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\MetaTrader - Alpari (US).lnk
[2012/07/03 14:19:00 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\TradeStation 9.0.lnk
[2012/07/03 14:19:00 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\LockDown Browser.lnk
[2012/07/03 14:19:00 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/03 14:19:00 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/03 14:19:00 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/07/03 14:19:00 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Moyea SWF to Video Converter Standard.lnk
[2012/07/03 14:19:00 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/03 14:18:59 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/03 14:18:59 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2012/07/03 14:18:59 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/03 14:18:59 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\FXCM MT4 powered by BT.lnk
[2012/07/03 14:18:59 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2012/07/03 14:18:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 14:18:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/03 14:18:59 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/07/03 14:18:59 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/07/03 14:18:59 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/07/03 14:18:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/03 14:18:59 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/07/03 14:18:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/07/03 14:18:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/07/03 14:18:59 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/07/03 14:18:59 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Localizer Leads Tool.lnk
[2012/07/03 14:18:59 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/07/03 14:18:59 | 000,000,619 | ---- | C] () -- C:\Users\Public\Desktop\Forex Tester 2.lnk
[2012/07/03 14:18:58 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/03 14:18:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/07/03 14:18:58 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012/07/03 14:18:57 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/07/03 14:18:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/03 14:18:56 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/07/03 14:18:56 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
[2012/07/03 14:18:56 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Localizer Leads Tool.lnk
[2012/07/03 14:18:56 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/07/03 14:18:55 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/03 14:18:55 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2012/07/03 14:18:55 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2012/07/03 14:18:55 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2012/07/03 14:18:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/02 09:41:17 | 000,000,000 | ---- | C] () -- C:\Users\nick\defogger_reenable
[2012/06/30 20:36:38 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/30 20:36:36 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/06/30 20:36:36 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/06/30 20:36:33 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/06/30 20:36:33 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/30 20:33:33 | 002,128,109 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/30 19:01:50 | 000,173,853 | ---- | C] () -- C:\Users\nick\AppData\Local\census.cache
[2012/06/30 19:01:47 | 000,156,602 | ---- | C] () -- C:\Users\nick\AppData\Local\ars.cache
[2012/06/30 18:58:19 | 000,000,036 | ---- | C] () -- C:\Users\nick\AppData\Local\housecall.guid.cache
[2012/06/30 18:48:11 | 290,142,936 | ---- | C] () -- C:\regbackup.reg
[2012/06/30 18:35:33 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/06/30 18:35:33 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/06/29 17:48:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/29 17:48:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/29 17:48:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/29 17:48:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/29 17:48:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/18 18:18:17 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/11 12:04:08 | 000,002,048 | -HS- | C] () -- C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\@
[2012/01/10 13:26:29 | 000,126,956 | ---- | C] () -- C:\Users\nick\.ranktracker.properties
[2012/01/10 13:24:34 | 000,435,346 | ---- | C] () -- C:\Users\nick\.websiteauditor.properties
[2012/01/10 10:25:36 | 000,195,841 | ---- | C] () -- C:\Users\nick\.spyglass.properties
[2011/12/02 06:26:24 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/16 22:24:33 | 000,003,584 | ---- | C] () -- C:\Users\nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 20:42:53 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/08 18:24:39 | 000,000,247 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/08 18:24:39 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/08 18:24:17 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2011/10/08 18:22:41 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/10/08 18:22:41 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/10/08 18:22:21 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/10/08 18:22:17 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/02/26 11:51:25 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/11/05 11:53:22 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/28 15:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2010/10/19 10:07:15 | 000,000,017 | ---- | C] () -- C:\Users\nick\AppData\Local\resmon.resmoncfg
[2010/10/06 17:25:02 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/22 20:58:14 | 000,000,320 | ---- | C] () -- C:\Windows\Currensys_uninstall.ini
[2010/09/22 20:45:25 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/09/16 01:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/15 23:51:02 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/09/15 23:51:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/09/15 23:51:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/09/15 23:51:01 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/15 23:51:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#12 njames83


Posted 04 July 2012 - 04:39 AM

This is what AVSCAN found ... 3 or 4 viruses ... it's crazy

Avira Free Antivirus
Report file date: Tuesday, July 03, 2012 20:56

Scanning for 3831448 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : nick
Computer name : NICK-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 7/2/2012 01:14:46
AVSCAN.DLL : 12.3.0.15 54736 Bytes 7/2/2012 01:14:46
LUKE.DLL : 12.3.0.15 68304 Bytes 7/2/2012 01:14:50
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 7/1/2012 01:14:02
AVREG.DLL : 12.3.0.17 232200 Bytes 7/1/2012 01:14:01
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 12:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 12:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 01:13:24
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 01:13:33
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 01:13:41
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 01:13:42
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 01:13:42
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 01:13:42
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 01:13:42
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 01:13:43
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 01:13:43
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 01:13:43
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 01:13:44
VBASE014.VDF : 7.11.34.201 169472 Bytes 7/2/2012 00:47:57
VBASE015.VDF : 7.11.34.202 2048 Bytes 7/2/2012 00:47:57
VBASE016.VDF : 7.11.34.203 2048 Bytes 7/2/2012 00:47:58
VBASE017.VDF : 7.11.34.204 2048 Bytes 7/2/2012 00:47:58
VBASE018.VDF : 7.11.34.205 2048 Bytes 7/2/2012 00:47:58
VBASE019.VDF : 7.11.34.206 2048 Bytes 7/2/2012 00:47:58
VBASE020.VDF : 7.11.34.207 2048 Bytes 7/2/2012 00:47:59
VBASE021.VDF : 7.11.34.208 2048 Bytes 7/2/2012 00:47:59
VBASE022.VDF : 7.11.34.209 2048 Bytes 7/2/2012 00:47:59
VBASE023.VDF : 7.11.34.210 2048 Bytes 7/2/2012 00:47:59
VBASE024.VDF : 7.11.34.211 2048 Bytes 7/2/2012 00:48:00
VBASE025.VDF : 7.11.34.212 2048 Bytes 7/2/2012 00:48:00
VBASE026.VDF : 7.11.34.213 2048 Bytes 7/2/2012 00:48:00
VBASE027.VDF : 7.11.34.214 2048 Bytes 7/2/2012 00:48:01
VBASE028.VDF : 7.11.34.215 2048 Bytes 7/2/2012 00:48:01
VBASE029.VDF : 7.11.34.216 2048 Bytes 7/2/2012 00:48:01
VBASE030.VDF : 7.11.34.217 2048 Bytes 7/2/2012 00:48:02
VBASE031.VDF : 7.11.35.2 70144 Bytes 7/3/2012 00:48:02
Engine version : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 7/1/2012 01:13:59
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 7/1/2012 01:13:59
AESCN.DLL : 8.1.8.2 131444 Bytes 7/1/2012 01:13:58
AESBX.DLL : 8.2.5.12 606578 Bytes 7/1/2012 01:14:00
AERDL.DLL : 8.1.9.15 639348 Bytes 1/31/2012 12:56:42
AEPACK.DLL : 8.2.16.22 807288 Bytes 7/1/2012 01:13:58
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 7/1/2012 01:13:56
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 7/1/2012 01:13:56
AEHELP.DLL : 8.1.23.2 258422 Bytes 7/1/2012 01:13:51
AEGEN.DLL : 8.1.5.30 422261 Bytes 7/1/2012 01:13:51
AEEXP.DLL : 8.1.0.58 82292 Bytes 7/1/2012 01:14:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/31/2012 12:56:38
AECORE.DLL : 8.1.25.10 201080 Bytes 7/1/2012 01:13:50
AEBB.DLL : 8.1.1.0 53618 Bytes 1/31/2012 12:56:38
AVWINLL.DLL : 12.3.0.15 27344 Bytes 7/2/2012 01:14:45
AVPREF.DLL : 12.3.0.15 51920 Bytes 7/2/2012 01:14:46
AVREP.DLL : 12.3.0.15 179208 Bytes 7/1/2012 01:14:02
AVARKT.DLL : 12.3.0.15 211408 Bytes 7/2/2012 01:14:45
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 7/2/2012 01:14:46
SQLITE3.DLL : 3.7.0.1 398288 Bytes 7/2/2012 01:14:51
AVSMTP.DLL : 12.3.0.15 63440 Bytes 7/2/2012 01:14:46
NETNT.DLL : 12.3.0.15 17104 Bytes 7/2/2012 01:14:50
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 7/2/2012 01:14:45
RCTEXT.DLL : 12.3.0.15 96720 Bytes 7/2/2012 01:14:45

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Tuesday, July 03, 2012 20:56

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'UdaterUI.exe' - '1' Module(s) have been scanned
Scan process 'SSScheduler.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'Jing.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'aim.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'sftservice.EXE' - '1' Module(s) have been scanned
Scan process 'PDFProFiltSrvPP.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '1' Module(s) have been scanned
Scan process 'BBSvc.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '3394' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files\WinRAR\rarnew.dat
[WARNING] Error no files to extract
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
[WARNING] The file is password protected
C:\Program Files (x86)\Exterminate It!\Scan.log
[WARNING] The file is password protected
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\LDB_20120405001
[WARNING] The file is password protected
C:\Qoobox\Quarantine\C\ProgramData\biiWPEJPdbnXvw.exe.vir
[DETECTION] Is the TR/FakeSysdef.NI.7 Trojan
C:\Qoobox\Quarantine\C\ProgramData\NNJhPqqbpXaPTCO.exe.vir
[DETECTION] Is the TR/FakeSysdef.348160.4 Trojan
C:\Qoobox\Quarantine\C\Users\nick\AppData\Roaming\4E36E2.exe.vir.vir
[DETECTION] Is the TR/Dldr.Agent.94208.37 Trojan
C:\Users\nick\AppData\Roaming\TradeStation Technologies\TradeStation\Versions\9.00.00\Patches\patchbr[9.00.00.8505].tsa
[WARNING] The file is password protected
C:\Users\nick\Desktop\2492010_Joel_Rensink_DIBS.part1.rar
[WARNING] Error multiple volume
C:\Users\nick\Desktop\2492010_Joel_Rensink_DIBS.part3.rar
[WARNING] Error multiple volume
C:\Users\nick\Desktop\antimalware stuff\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\nick\Desktop\Joel Rensink\2492010_Joel_Rensink_DIBS.part2.rar
[WARNING] Error multiple volume
C:\Users\nick\Desktop\Websites\What_Google_Never_Told_You_About_Making_More_Money_with_Adsense.rar
[WARNING] The file is password protected
C:\Users\nick\Documents\nick laptop\Desktop\Joel Rensink\2492010_Joel_Rensink_DIBS.part1.rar
[WARNING] Error multiple volume
C:\Users\nick\Documents\nick laptop\Desktop\Joel Rensink\2492010_Joel_Rensink_DIBS.part2.rar
[WARNING] Error multiple volume
C:\Users\nick\Documents\nick laptop\Desktop\Joel Rensink\2492010_Joel_Rensink_DIBS.part3.rar
[WARNING] Error multiple volume
C:\Windows\UDB.zip
[WARNING] The file is password protected
C:\Windows\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033
[0] Archive type: Portable Executable Resource
--> P39564799
[1] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archive type: 7-Zip
--> WriterProdLang.cab
[3] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
--> P7563067
[1] Archive type: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archive type: 7-Zip
--> LanguageSelector64.cab
[3] Archive type: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNING] The file could not be read!

Beginning disinfection:
C:\Qoobox\Quarantine\C\Users\nick\AppData\Roaming\4E36E2.exe.vir.vir
[DETECTION] Is the TR/Dldr.Agent.94208.37 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\ProgramData\NNJhPqqbpXaPTCO.exe.vir
[DETECTION] Is the TR/FakeSysdef.348160.4 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\ProgramData\biiWPEJPdbnXvw.exe.vir
[DETECTION] Is the TR/FakeSysdef.NI.7 Trojan
[NOTE] The file was deleted!


End of the scan: Wednesday, July 04, 2012 05:34
Used time: 1:50:32 Hour(s)

The scan has been done completely.

33802 Scanned directories
677765 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
3 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
677762 Files not concerned
26946 Archives were scanned
16 Warnings
3 Notes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 AM

Posted 04 July 2012 - 11:47 AM

Hello

What Avira found is in quarantine and is not a problem, but I do see something in the OTL report, so we need to run this tool to make sure we remove it.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
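
The kind of autostart entry the helper is looking for in these logs (a Run value pointing at a file in a Temp directory) can be picked out of an FRST "Registry (Whitelisted)" section automatically. The Python below is an added example, not code from this thread or from FRST itself: it parses Run/RunOnce lines in FRST's format (the sample lines are copied, one of them shortened, from the FRST log posted in this thread) and scores each on the signals a responder checks by hand: a Policies\Explorer\Run key, a Temp path, an 8.3 short path, a .com extension, and missing file metadata or company name.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added example, not code from the thread or from FRST: a read-only triage pass
# over lines in the style of FRST's "Registry (Whitelisted)" section. It reads
# text only; it does not touch the registry or delete anything.

# HKLM\...\Run: [name] target ...  /  HKLM-x32\...\RunOnce: ...  /  HKU\user\...\Run: ...
ENTRY_RE = re.compile(
    r'^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] (?P<rest>.*)$'
)
# The launched file: a quoted path, or (FRST does not quote every entry) an
# unquoted path ending in a common executable extension.
TARGET_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"'
    r'|(?P<bare>[A-Za-z]:\\.*?\.(?:exe|com|dll|scr|pif|bat|cmd|vbs|js)))',
    re.IGNORECASE,
)
META_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]')   # [size date]
SIGNER_RE = re.compile(r'\((?P<signer>[^()]*)\)\s*$')                   # (Company) at end


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    target: str
    size: Optional[int]
    signer: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    t = TARGET_RE.match(rest)
    target = (t.group('quoted') or t.group('bare')) if t else rest
    meta = META_RE.search(rest)
    sig = SIGNER_RE.search(rest)
    signer = sig.group('signer').strip() if sig else ''
    return RunEntry(hive=m.group('hive'), key=m.group('key'), name=m.group('name'),
                    target=target, size=int(meta.group('size')) if meta else None,
                    signer=signer or None)


def assess(entry: RunEntry) -> RunEntry:
    """Attach the signals a responder would check by hand on this entry."""
    low = entry.target.lower()
    if 'policies\\explorer\\run' in entry.key.lower():
        entry.reasons.append('Policies\\Explorer\\Run autostart, rarely used by legitimate software')
    if re.search(r'\\(temp|tmp)\\', low):
        entry.reasons.append('launches from a Temp directory')
    if '~' in low:
        entry.reasons.append('8.3 short path, typical of a value written by a dropper')
    if low.rsplit('.', 1)[-1] in ('com', 'scr', 'pif'):
        entry.reasons.append('unusual executable extension')
    if entry.size is None:
        entry.reasons.append('no size/date recorded: file hidden, missing, or pending deletion')
    if entry.signer is None:
        entry.reasons.append('no company name')
    return entry


def triage(report: str) -> List[RunEntry]:
    """Return the entries with at least one signal, strongest first."""
    flagged = [assess(e) for e in map(parse_entry, report.splitlines()) if e]
    flagged = [e for e in flagged if e.reasons]
    return sorted(flagged, key=lambda e: len(e.reasons), reverse=True)


# Sample input: four Run lines copied (the RunOnce line shortened) from the FRST log in this thread.
SAMPLE = r"""
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE [161088 2010-05-21] ()
HKLM\...\Policies\Explorer\Run: [31375] C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com
"""

if __name__ == '__main__':
    for e in triage(SAMPLE):
        print(f'{e.hive}\\...\\{e.key} [{e.name}] -> {e.target}')
        for r in e.reasons:
            print('   -', r)
```

Entries with a single weak signal (here the Dell RunOnce value, which only lacks a company name) are listed last so that a reviewer spends time on the 31375 value first.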

#14 njames83


Posted 04 July 2012 - 07:21 PM

FRST Tool Log


Scan result of Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 04-07-2012 20:14:00
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2008-03-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124240 2008-09-29] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1240848 2012-06-30] (Simply Super Software)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-07-01] (Avira Operations GmbH & Co. KG)
HKU\nick\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
HKU\nick\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-22] (Google Inc.)
HKU\nick\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2918224 2012-02-01] (TechSmith Corporation)
HKU\nick\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKU\nick\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\njames\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-22] (Google Inc.)
HKU\njames\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\njames\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
HKU\njames\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025264 2009-05-21] (SupportSoft, Inc.)
HKU\njames\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-05-21] ()
HKLM\...\Policies\Explorer\Run: [31375] C:\PROGRA~3\LOCALS~1\Temp\msiszuuu.com
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-07-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-07-01] (Avira Operations GmbH & Co. KG)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-14] (Threat Expert Ltd.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [373640 2010-12-08] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2010-12-08] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-11-08] (LogMeIn, Inc.)
2 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [17920 2008-09-29] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2008-03-14] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [175072 2008-09-29] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [62800 2008-09-29] (McAfee, Inc.)
2 mfevtp; C:\Windows\system32\mfevtps.exe [75656 2008-09-29] (McAfee, Inc.)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-26] (Sonic Solutions)
3 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-05-11] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-05-11] (PC Tools)
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 AmdLLD64; C:\Windows\System32\Drivers\AmdLLD64.sys [47672 2009-04-22] (Advanced Micro Devices)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-07-01] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-07-01] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-05-31] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-05-31] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-05-31] (LogMeIn, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [96016 2008-09-29] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [118688 2008-09-29] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [465792 2008-09-29] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [75800 2008-09-29] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [82504 2008-09-29] (McAfee, Inc.)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-14] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-05-11] (PC Tools)
3 radpms; C:\Windows\System32\Drivers\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-04 20:13 - 2012-07-04 20:14 - 00000000 ____D C:\FRST
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{C13CAA60-8498-4CC0-B85E-9AADF9A6AFEB}
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{A199CD5B-DD7F-46FE-B777-30D3291C3269}
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\{C13CAA60-8498-4CC0-B85E-9AADF9A6AFEB}
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\{A199CD5B-DD7F-46FE-B777-30D3291C3269}
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\AppData\Local\{C13CAA60-8498-4CC0-B85E-9AADF9A6AFEB}
2012-07-04 07:51 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\AppData\Local\{A199CD5B-DD7F-46FE-B777-30D3291C3269}
2012-07-04 07:50 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{C694ACFE-1537-46DC-8304-30B5999707A1}
2012-07-04 07:50 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\Local Settings\{C694ACFE-1537-46DC-8304-30B5999707A1}
2012-07-04 07:50 - 2012-07-04 07:51 - 00000000 ____D C:\Users\nick\AppData\Local\{C694ACFE-1537-46DC-8304-30B5999707A1}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{86EE4724-1862-4A57-A117-CBBE6EC4F54C}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{63D6926B-0EF3-463F-9FC1-25B47911BCC0}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\{86EE4724-1862-4A57-A117-CBBE6EC4F54C}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\{63D6926B-0EF3-463F-9FC1-25B47911BCC0}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\AppData\Local\{86EE4724-1862-4A57-A117-CBBE6EC4F54C}
2012-07-03 19:50 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\AppData\Local\{63D6926B-0EF3-463F-9FC1-25B47911BCC0}
2012-07-03 19:49 - 2012-07-04 07:50 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{0880AC13-6C4F-45F0-86A6-FBE90170F596}
2012-07-03 19:49 - 2012-07-04 07:50 - 00000000 ____D C:\Users\nick\Local Settings\{0880AC13-6C4F-45F0-86A6-FBE90170F596}
2012-07-03 19:49 - 2012-07-04 07:50 - 00000000 ____D C:\Users\nick\AppData\Local\{0880AC13-6C4F-45F0-86A6-FBE90170F596}
2012-07-03 19:49 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{DFFDED2D-D2DB-43C1-BCBC-D357BE4A4B20}
2012-07-03 19:49 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\Local Settings\{DFFDED2D-D2DB-43C1-BCBC-D357BE4A4B20}
2012-07-03 19:49 - 2012-07-03 19:50 - 00000000 ____D C:\Users\nick\AppData\Local\{DFFDED2D-D2DB-43C1-BCBC-D357BE4A4B20}
2012-07-03 16:38 - 2012-07-03 16:38 - 00064606 ____A C:\Users\nick\Desktop\TheHouseSpeaker.com Keyword Research.xlsx
2012-07-03 14:09 - 2012-07-03 14:09 - 00026244 ____A C:\ComboFix.txt
2012-07-03 13:19 - 2012-06-03 11:09 - 00001139 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-07-03 13:19 - 2012-06-03 11:09 - 00001139 ____A C:\Users\All Users\Desktop\Yahoo! Messenger.lnk
2012-07-03 13:19 - 2012-05-18 10:28 - 00000901 ____A C:\Users\Public\Desktop\Moyea SWF to Video Converter Standard.lnk
2012-07-03 13:19 - 2012-05-18 10:28 - 00000901 ____A C:\Users\All Users\Desktop\Moyea SWF to Video Converter Standard.lnk
2012-07-03 13:19 - 2012-05-15 16:46 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-03 13:19 - 2012-05-15 16:46 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-07-03 13:19 - 2012-02-13 13:17 - 00002029 ____A C:\Users\Public\Desktop\TradeStation 9.0.lnk
2012-07-03 13:19 - 2012-02-13 13:17 - 00002029 ____A C:\Users\All Users\Desktop\TradeStation 9.0.lnk
2012-07-03 13:19 - 2012-02-01 16:40 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-03 13:19 - 2012-02-01 16:40 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-07-03 13:19 - 2012-01-17 14:08 - 00002031 ____A C:\Users\Public\Desktop\MetaTrader - Alpari (US).lnk
2012-07-03 13:19 - 2012-01-17 14:08 - 00002031 ____A C:\Users\All Users\Desktop\MetaTrader - Alpari (US).lnk
2012-07-03 13:19 - 2012-01-09 16:22 - 00001140 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-03 13:19 - 2012-01-09 16:22 - 00001140 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-07-03 13:19 - 2011-11-25 13:26 - 00001949 ____A C:\Users\Public\Desktop\LockDown Browser.lnk
2012-07-03 13:19 - 2011-11-25 13:26 - 00001949 ____A C:\Users\All Users\Desktop\LockDown Browser.lnk
2012-07-03 13:19 - 2011-11-05 16:51 - 00000742 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-03 13:19 - 2011-11-05 16:51 - 00000742 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-07-03 13:18 - 2012-05-28 09:45 - 00000993 ____A C:\Users\Public\Desktop\Localizer Leads Tool.lnk
2012-07-03 13:18 - 2012-05-28 09:45 - 00000993 ____A C:\Users\All Users\Desktop\Localizer Leads Tool.lnk
2012-07-03 13:18 - 2012-05-27 15:55 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 13:18 - 2012-05-27 15:55 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-03 13:18 - 2012-05-18 10:22 - 00001170 ____A C:\Users\Public\Desktop\Camtasia Studio 7.lnk
2012-07-03 13:18 - 2012-05-18 10:22 - 00001170 ____A C:\Users\All Users\Desktop\Camtasia Studio 7.lnk
2012-07-03 13:18 - 2012-03-07 15:07 - 00001913 ____A C:\Users\Public\Desktop\AIM.lnk
2012-07-03 13:18 - 2012-03-07 15:07 - 00001913 ____A C:\Users\All Users\Desktop\AIM.lnk
2012-07-03 13:18 - 2012-01-17 16:20 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-03 13:18 - 2012-01-17 16:20 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-07-03 13:18 - 2011-06-11 11:46 - 00000965 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-07-03 13:18 - 2011-06-11 11:46 - 00000965 ____A C:\Users\All Users\Desktop\BitTorrent.lnk
2012-07-03 13:18 - 2011-05-08 22:35 - 00001921 ____A C:\Users\Public\Desktop\FXCM MT4 powered by BT.lnk
2012-07-03 13:18 - 2011-05-08 22:35 - 00001921 ____A C:\Users\All Users\Desktop\FXCM MT4 powered by BT.lnk
2012-07-03 13:18 - 2011-02-26 11:09 - 00002021 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
2012-07-03 13:18 - 2011-02-26 11:09 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
2012-07-03 13:18 - 2010-12-23 17:31 - 00000619 ____A C:\Users\Public\Desktop\Forex Tester 2.lnk
2012-07-03 13:18 - 2010-12-23 17:31 - 00000619 ____A C:\Users\All Users\Desktop\Forex Tester 2.lnk
2012-07-02 10:19 - 2012-07-03 13:19 - 00005298 ____A C:\Users\nick\Desktop\unhide.txt
2012-07-02 08:41 - 2012-07-02 08:41 - 00000000 ____A C:\Users\nick\defogger_reenable
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{0B07B1F8-9754-4E67-9B33-8ECA2909CC66}
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{040113F9-1029-4C51-8555-1236B9891BAF}
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\Local Settings\{0B07B1F8-9754-4E67-9B33-8ECA2909CC66}
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\Local Settings\{040113F9-1029-4C51-8555-1236B9891BAF}
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\AppData\Local\{0B07B1F8-9754-4E67-9B33-8ECA2909CC66}
2012-07-02 03:16 - 2012-07-02 03:16 - 00000000 ____D C:\Users\nick\AppData\Local\{040113F9-1029-4C51-8555-1236B9891BAF}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{E2368FD3-66C2-4DF9-A835-374B15A1DD87}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{7624019E-9150-45EA-BD78-B538F2705508}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{73C2D7D9-AA93-4CC5-B823-71E5DA107A98}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\{E2368FD3-66C2-4DF9-A835-374B15A1DD87}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\{7624019E-9150-45EA-BD78-B538F2705508}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\{73C2D7D9-AA93-4CC5-B823-71E5DA107A98}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\AppData\Local\{E2368FD3-66C2-4DF9-A835-374B15A1DD87}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\AppData\Local\{7624019E-9150-45EA-BD78-B538F2705508}
2012-07-01 14:42 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\AppData\Local\{73C2D7D9-AA93-4CC5-B823-71E5DA107A98}
2012-07-01 14:41 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{0D1DF72C-2E57-44EE-B7A5-5611E2BD52BD}
2012-07-01 14:41 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\Local Settings\{0D1DF72C-2E57-44EE-B7A5-5611E2BD52BD}
2012-07-01 14:41 - 2012-07-01 14:42 - 00000000 ____D C:\Users\nick\AppData\Local\{0D1DF72C-2E57-44EE-B7A5-5611E2BD52BD}
2012-07-01 09:27 - 2012-07-01 09:27 - 00000000 ____D C:\Users\nick\Application Data\Curiolab
2012-07-01 09:27 - 2012-07-01 09:27 - 00000000 ____D C:\Users\nick\AppData\Roaming\Curiolab
2012-07-01 08:28 - 2012-07-01 08:28 - 00000424 ____A C:\blitzblank.log
2012-07-01 08:08 - 2012-07-03 16:30 - 00000000 ____D C:\Users\nick\Desktop\antimalware stuff
2012-07-01 07:52 - 2012-07-01 07:52 - 00000000 ____D C:\_OTL
2012-07-01 07:46 - 2012-07-01 09:31 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2012-06-30 20:13 - 2012-06-30 20:13 - 00000000 ____D C:\Users\nick\Application Data\Avira
2012-06-30 20:13 - 2012-06-30 20:13 - 00000000 ____D C:\Users\nick\AppData\Roaming\Avira
2012-06-30 20:11 - 2012-07-01 20:14 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-06-30 20:11 - 2012-07-01 20:14 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-06-30 20:11 - 2012-06-30 20:11 - 00000000 ____D C:\Users\All Users\Avira
2012-06-30 20:11 - 2012-06-30 20:11 - 00000000 ____D C:\Users\All Users\Application Data\Avira
2012-06-30 20:11 - 2012-06-30 20:11 - 00000000 ____D C:\Program Files (x86)\Avira
2012-06-30 20:11 - 2011-09-16 15:09 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-06-30 19:36 - 2012-06-14 11:31 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-30 19:36 - 2012-06-14 11:31 - 01681368 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-30 19:36 - 2012-06-14 11:31 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-30 19:36 - 2012-06-14 11:31 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-30 19:36 - 2012-06-14 11:31 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-06-30 19:36 - 2012-06-14 10:03 - 00003488 ____A C:\Windows\UDB.zip
2012-06-30 19:36 - 2012-06-14 10:03 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-30 19:36 - 2012-06-14 10:03 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-30 19:36 - 2012-06-14 10:03 - 00000131 ____A C:\Windows\IDB.zip
2012-06-30 19:36 - 2012-05-11 10:13 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-06-30 19:36 - 2012-05-11 10:09 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-30 19:36 - 2012-05-11 10:08 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-30 19:35 - 2012-06-30 19:35 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-06-30 19:35 - 2012-05-11 10:14 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-30 19:33 - 2012-07-03 19:42 - 02145779 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-30 19:33 - 2012-06-30 19:36 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-30 19:33 - 2012-06-30 19:36 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-30 19:33 - 2012-06-30 19:33 - 00000000 ____D C:\Users\nick\Application Data\TestApp
2012-06-30 19:33 - 2012-06-30 19:33 - 00000000 ____D C:\Users\nick\AppData\Roaming\TestApp
2012-06-30 19:33 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-06-30 19:33 - 2012-04-23 11:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-30 19:33 - 2012-02-28 10:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-30 19:33 - 2012-02-28 10:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-30 18:24 - 2012-06-30 18:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\Local Settings\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\Local Settings\Application Data\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\AppData\Local\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\Local Settings\ars.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\Local Settings\Application Data\ars.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\AppData\Local\ars.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\Local Settings\housecall.guid.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\Local Settings\Application Data\housecall.guid.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\AppData\Local\housecall.guid.cache
2012-06-30 17:58 - 2012-06-05 02:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-30 17:48 - 2012-06-30 17:48 - 290142936 ____A C:\regbackup.reg
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\nick\My Documents\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\nick\Documents\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\nick\Application Data\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\nick\AppData\Roaming\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Users\All Users\Application Data\Simply Super Software
2012-06-30 17:35 - 2012-06-30 17:35 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-06-30 17:35 - 2003-02-02 19:06 - 00153088 ____A C:\Windows\SysWOW64\UNRAR3.dll
2012-06-30 17:35 - 2002-03-06 00:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2012-06-30 15:10 - 2012-07-01 07:50 - 00000000 ____D C:\Users\nick\Application Data\Ufywuw
2012-06-30 15:10 - 2012-07-01 07:50 - 00000000 ____D C:\Users\nick\AppData\Roaming\Ufywuw
2012-06-30 15:10 - 2012-06-30 15:10 - 00000000 ____D C:\Users\nick\Application Data\Rabuy
2012-06-30 15:10 - 2012-06-30 15:10 - 00000000 ____D C:\Users\nick\AppData\Roaming\Rabuy
2012-06-30 12:21 - 2012-06-30 12:21 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-30 12:10 - 2012-06-30 12:10 - 00000000 ____D C:\Users\nick\php
2012-06-29 16:48 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-29 16:48 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-29 16:48 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-29 16:48 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-29 16:48 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-29 16:48 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-29 16:48 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-29 16:48 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-29 16:41 - 2012-06-29 16:41 - 00000103 ____A C:\Users\nick\Desktop\techspot.txt
2012-06-29 16:38 - 2012-07-01 08:46 - 00000000 ____D C:\Windows\erdnt
2012-06-29 16:33 - 2012-06-29 16:33 - 04731392 ____A (AVAST Software) C:\Users\nick\Desktop\aswMBR.com
2012-06-29 15:42 - 2012-06-30 17:53 - 00000395 ____A C:\rkill.log
2012-06-29 11:36 - 2012-07-03 14:09 - 00000000 ____D C:\Qoobox
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{3E25CAF4-1348-4049-A5FC-0912E12EBE7E}
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{00B7865E-3926-413A-9959-5097FC8678EE}
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\{3E25CAF4-1348-4049-A5FC-0912E12EBE7E}
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\{00B7865E-3926-413A-9959-5097FC8678EE}
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\AppData\Local\{3E25CAF4-1348-4049-A5FC-0912E12EBE7E}
2012-06-29 03:42 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\AppData\Local\{00B7865E-3926-413A-9959-5097FC8678EE}
2012-06-28 15:41 - 2012-06-28 15:41 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{8379ACF7-FE2D-4475-9872-0964CAD09BCA}
2012-06-28 15:41 - 2012-06-28 15:41 - 00000000 ____D C:\Users\nick\Local Settings\{8379ACF7-FE2D-4475-9872-0964CAD09BCA}
2012-06-28 15:41 - 2012-06-28 15:41 - 00000000 ____D C:\Users\nick\AppData\Local\{8379ACF7-FE2D-4475-9872-0964CAD09BCA}
2012-06-28 03:41 - 2012-06-28 03:41 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{1351613F-09BB-4402-B6B4-811DA845B4E9}
2012-06-28 03:41 - 2012-06-28 03:41 - 00000000 ____D C:\Users\nick\Local Settings\{1351613F-09BB-4402-B6B4-811DA845B4E9}
2012-06-28 03:41 - 2012-06-28 03:41 - 00000000 ____D C:\Users\nick\AppData\Local\{1351613F-09BB-4402-B6B4-811DA845B4E9}
2012-06-27 15:40 - 2012-06-27 15:40 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{9529000D-65A4-4F4E-951F-C05B51DFE045}
2012-06-27 15:40 - 2012-06-27 15:40 - 00000000 ____D C:\Users\nick\Local Settings\{9529000D-65A4-4F4E-951F-C05B51DFE045}
2012-06-27 15:40 - 2012-06-27 15:40 - 00000000 ____D C:\Users\nick\AppData\Local\{9529000D-65A4-4F4E-951F-C05B51DFE045}
2012-06-27 03:40 - 2012-06-27 03:40 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{18AF6DF1-2594-4120-AD84-3C90F31C44FF}
2012-06-27 03:40 - 2012-06-27 03:40 - 00000000 ____D C:\Users\nick\Local Settings\{18AF6DF1-2594-4120-AD84-3C90F31C44FF}
2012-06-27 03:40 - 2012-06-27 03:40 - 00000000 ____D C:\Users\nick\AppData\Local\{18AF6DF1-2594-4120-AD84-3C90F31C44FF}
2012-06-26 15:40 - 2012-06-26 15:40 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{252928CE-F5C4-489D-A44A-859A981A85B8}
2012-06-26 15:40 - 2012-06-26 15:40 - 00000000 ____D C:\Users\nick\Local Settings\{252928CE-F5C4-489D-A44A-859A981A85B8}
2012-06-26 15:40 - 2012-06-26 15:40 - 00000000 ____D C:\Users\nick\AppData\Local\{252928CE-F5C4-489D-A44A-859A981A85B8}
2012-06-26 03:39 - 2012-06-26 03:39 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{6244D029-29D7-433C-B42E-D976AAC0EFC5}
2012-06-26 03:39 - 2012-06-26 03:39 - 00000000 ____D C:\Users\nick\Local Settings\{6244D029-29D7-433C-B42E-D976AAC0EFC5}
2012-06-26 03:39 - 2012-06-26 03:39 - 00000000 ____D C:\Users\nick\AppData\Local\{6244D029-29D7-433C-B42E-D976AAC0EFC5}
2012-06-25 15:39 - 2012-06-25 15:39 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{E265BF37-C413-4B2D-B5FB-44FACD631B3C}
2012-06-25 15:39 - 2012-06-25 15:39 - 00000000 ____D C:\Users\nick\Local Settings\{E265BF37-C413-4B2D-B5FB-44FACD631B3C}
2012-06-25 15:39 - 2012-06-25 15:39 - 00000000 ____D C:\Users\nick\AppData\Local\{E265BF37-C413-4B2D-B5FB-44FACD631B3C}
2012-06-25 03:38 - 2012-06-25 03:39 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{63319092-17A7-4A1D-88C0-2D4F09080F0B}
2012-06-25 03:38 - 2012-06-25 03:39 - 00000000 ____D C:\Users\nick\Local Settings\{63319092-17A7-4A1D-88C0-2D4F09080F0B}
2012-06-25 03:38 - 2012-06-25 03:39 - 00000000 ____D C:\Users\nick\AppData\Local\{63319092-17A7-4A1D-88C0-2D4F09080F0B}
2012-06-24 15:38 - 2012-06-24 15:38 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{8D698E9A-669C-49EF-A0A7-5E86EFB6D336}
2012-06-24 15:38 - 2012-06-24 15:38 - 00000000 ____D C:\Users\nick\Local Settings\{8D698E9A-669C-49EF-A0A7-5E86EFB6D336}
2012-06-24 15:38 - 2012-06-24 15:38 - 00000000 ____D C:\Users\nick\AppData\Local\{8D698E9A-669C-49EF-A0A7-5E86EFB6D336}
2012-06-24 12:23 - 2012-06-24 12:23 - 00000000 ____D C:\Users\nick\Local Settings\Macromedia
2012-06-24 12:23 - 2012-06-24 12:23 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\Macromedia
2012-06-24 12:23 - 2012-06-24 12:23 - 00000000 ____D C:\Users\nick\AppData\Local\Macromedia
2012-06-24 03:38 - 2012-06-24 03:38 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{7E974CA2-2545-407E-AFB3-C5606C29556D}
2012-06-24 03:38 - 2012-06-24 03:38 - 00000000 ____D C:\Users\nick\Local Settings\{7E974CA2-2545-407E-AFB3-C5606C29556D}
2012-06-24 03:38 - 2012-06-24 03:38 - 00000000 ____D C:\Users\nick\AppData\Local\{7E974CA2-2545-407E-AFB3-C5606C29556D}
2012-06-23 15:37 - 2012-06-23 15:37 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{755E69C4-B1E7-4231-BA8D-D0EEFF79D371}
2012-06-23 15:37 - 2012-06-23 15:37 - 00000000 ____D C:\Users\nick\Local Settings\{755E69C4-B1E7-4231-BA8D-D0EEFF79D371}
2012-06-23 15:37 - 2012-06-23 15:37 - 00000000 ____D C:\Users\nick\AppData\Local\{755E69C4-B1E7-4231-BA8D-D0EEFF79D371}
2012-06-23 03:37 - 2012-06-23 03:37 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{DA0DD8DF-A056-455E-8300-55142E6333FA}
2012-06-23 03:37 - 2012-06-23 03:37 - 00000000 ____D C:\Users\nick\Local Settings\{DA0DD8DF-A056-455E-8300-55142E6333FA}
2012-06-23 03:37 - 2012-06-23 03:37 - 00000000 ____D C:\Users\nick\AppData\Local\{DA0DD8DF-A056-455E-8300-55142E6333FA}
2012-06-22 15:36 - 2012-06-22 15:37 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{C07023A8-C579-439D-AC0E-88AFA600E1AC}
2012-06-22 15:36 - 2012-06-22 15:37 - 00000000 ____D C:\Users\nick\Local Settings\{C07023A8-C579-439D-AC0E-88AFA600E1AC}
2012-06-22 15:36 - 2012-06-22 15:37 - 00000000 ____D C:\Users\nick\AppData\Local\{C07023A8-C579-439D-AC0E-88AFA600E1AC}
2012-06-22 05:29 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 05:29 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 05:29 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 05:29 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 05:29 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 05:29 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 05:29 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 05:29 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 05:29 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 03:36 - 2012-06-22 03:36 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{D42A03FE-7608-4590-BE4C-ECDE22503198}
2012-06-22 03:36 - 2012-06-22 03:36 - 00000000 ____D C:\Users\nick\Local Settings\{D42A03FE-7608-4590-BE4C-ECDE22503198}
2012-06-22 03:36 - 2012-06-22 03:36 - 00000000 ____D C:\Users\nick\AppData\Local\{D42A03FE-7608-4590-BE4C-ECDE22503198}
2012-06-21 15:36 - 2012-06-21 15:36 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{6788213E-C08D-4BA6-8D71-D955CD0D795A}
2012-06-21 15:36 - 2012-06-21 15:36 - 00000000 ____D C:\Users\nick\Local Settings\{6788213E-C08D-4BA6-8D71-D955CD0D795A}
2012-06-21 15:36 - 2012-06-21 15:36 - 00000000 ____D C:\Users\nick\AppData\Local\{6788213E-C08D-4BA6-8D71-D955CD0D795A}
2012-06-21 03:35 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{27B9DD60-579A-43E1-9EC4-BA61BFB6A17C}
2012-06-21 03:35 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\Local Settings\{27B9DD60-579A-43E1-9EC4-BA61BFB6A17C}
2012-06-21 03:35 - 2012-06-29 03:42 - 00000000 ____D C:\Users\nick\AppData\Local\{27B9DD60-579A-43E1-9EC4-BA61BFB6A17C}
2012-06-21 03:35 - 2012-06-21 03:35 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{A3C7D3D9-E411-4B36-B7A2-2D0629E19B2C}
2012-06-21 03:35 - 2012-06-21 03:35 - 00000000 ____D C:\Users\nick\Local Settings\{A3C7D3D9-E411-4B36-B7A2-2D0629E19B2C}
2012-06-21 03:35 - 2012-06-21 03:35 - 00000000 ____D C:\Users\nick\AppData\Local\{A3C7D3D9-E411-4B36-B7A2-2D0629E19B2C}
2012-06-20 15:34 - 2012-06-26 17:46 - 00000000 ____D C:\Users\nick\Application Data\Windows Live Writer
2012-06-20 15:34 - 2012-06-26 17:46 - 00000000 ____D C:\Users\nick\AppData\Roaming\Windows Live Writer
2012-06-20 15:34 - 2012-06-20 15:35 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{BCF7DFC4-0E22-4705-8325-75FA7F3ED60E}
2012-06-20 15:34 - 2012-06-20 15:35 - 00000000 ____D C:\Users\nick\Local Settings\{BCF7DFC4-0E22-4705-8325-75FA7F3ED60E}
2012-06-20 15:34 - 2012-06-20 15:35 - 00000000 ____D C:\Users\nick\AppData\Local\{BCF7DFC4-0E22-4705-8325-75FA7F3ED60E}
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\Local Settings\Windows Live Writer
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\Windows Live Writer
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{4975C16C-EB7A-4414-9C65-3FB00F3891B1}
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\Local Settings\{4975C16C-EB7A-4414-9C65-3FB00F3891B1}
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\AppData\Local\Windows Live Writer
2012-06-20 15:34 - 2012-06-20 15:34 - 00000000 ____D C:\Users\nick\AppData\Local\{4975C16C-EB7A-4414-9C65-3FB00F3891B1}
2012-06-20 10:42 - 2012-06-20 10:42 - 00000000 ____D C:\Users\nick\Local Settings\Application Data\{09B42634-A4FD-43C1-BD2E-FED6D6081497}
2012-06-20 10:42 - 2012-06-20 10:42 - 00000000 ____D C:\Users\nick\Local Settings\{09B42634-A4FD-43C1-BD2E-FED6D6081497}
2012-06-20 10:42 - 2012-06-20 10:42 - 00000000 ____D C:\Users\nick\AppData\Local\{09B42634-A4FD-43C1-BD2E-FED6D6081497}
2012-06-20 10:36 - 2012-06-20 10:36 - 00000000 ____D C:\Windows\en
2012-06-20 10:32 - 2012-06-20 10:32 - 00000000 ____D C:\Program Files\Windows Live
2012-06-13 02:01 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 02:01 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 02:01 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 02:01 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 02:01 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 02:01 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 02:01 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 02:01 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 02:01 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 02:01 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 02:01 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 02:01 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 02:00 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 02:00 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 02:00 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 02:00 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 02:00 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 02:00 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 02:00 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 02:00 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 02:00 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 02:00 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 02:00 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 02:00 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 02:00 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 02:00 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 02:00 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 02:00 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 17:05 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 17:05 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 17:05 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 17:04 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:04 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:04 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 17:04 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 17:04 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 17:04 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 17:04 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 17:04 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 17:04 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 17:04 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 17:04 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 17:04 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 17:04 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 17:04 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

============ 3 Months Modified Files ========================

2012-07-04 19:09 - 2009-07-14 00:10 - 02069655 ____A C:\Windows\WindowsUpdate.log
2012-07-04 19:05 - 2010-09-22 20:18 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-04 18:56 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 18:56 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 18:49 - 2010-09-22 20:18 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-04 18:48 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-04 18:48 - 2009-07-13 23:51 - 00090927 ____A C:\Windows\setupact.log
2012-07-04 17:27 - 2012-05-06 10:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-03 19:49 - 2009-07-14 00:13 - 00746060 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-03 19:42 - 2012-06-30 19:33 - 02145779 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-03 19:42 - 2010-09-16 00:24 - 00582750 ____A C:\Windows\PFRO.log
2012-07-03 16:38 - 2012-07-03 16:38 - 00064606 ____A C:\Users\nick\Desktop\TheHouseSpeaker.com Keyword Research.xlsx
2012-07-03 14:09 - 2012-07-03 14:09 - 00026244 ____A C:\ComboFix.txt
2012-07-03 14:08 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-07-03 13:19 - 2012-07-02 10:19 - 00005298 ____A C:\Users\nick\Desktop\unhide.txt
2012-07-02 08:41 - 2012-07-02 08:41 - 00000000 ____A C:\Users\nick\defogger_reenable
2012-07-01 20:14 - 2012-06-30 20:11 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-07-01 20:14 - 2012-06-30 20:11 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-07-01 08:47 - 2009-07-13 21:34 - 86769664 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-01 08:47 - 2009-07-13 21:34 - 16777216 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-01 08:47 - 2009-07-13 21:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-01 08:47 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-01 08:47 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-01 08:28 - 2012-07-01 08:28 - 00000424 ____A C:\blitzblank.log
2012-07-01 08:28 - 2009-07-13 18:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\Local Settings\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\Local Settings\Application Data\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\AppData\Local\census.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\Local Settings\ars.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\Local Settings\Application Data\ars.cache
2012-06-30 18:01 - 2012-06-30 18:01 - 00156602 ____A C:\Users\nick\AppData\Local\ars.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\Local Settings\housecall.guid.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\Local Settings\Application Data\housecall.guid.cache
2012-06-30 17:58 - 2012-06-30 17:58 - 00000036 ____A C:\Users\nick\AppData\Local\housecall.guid.cache
2012-06-30 17:53 - 2012-06-29 15:42 - 00000395 ____A C:\rkill.log
2012-06-30 17:48 - 2012-06-30 17:48 - 290142936 ____A C:\regbackup.reg
2012-06-29 16:41 - 2012-06-29 16:41 - 00000103 ____A C:\Users\nick\Desktop\techspot.txt
2012-06-29 16:33 - 2012-06-29 16:33 - 04731392 ____A (AVAST Software) C:\Users\nick\Desktop\aswMBR.com
2012-06-29 16:10 - 2010-09-22 15:20 - 00000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-06-29 15:40 - 2012-01-10 12:26 - 00126956 ____A C:\Users\nick\.ranktracker.properties
2012-06-23 18:40 - 2012-01-10 09:25 - 00195841 ____A C:\Users\nick\.spyglass.properties
2012-06-23 08:27 - 2012-05-06 10:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 08:27 - 2012-05-06 10:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-20 10:30 - 2010-09-15 22:44 - 00101988 ____A C:\Windows\DirectX.log
2012-06-14 11:31 - 2012-06-30 19:36 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-14 11:31 - 2012-06-30 19:36 - 01681368 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-14 11:31 - 2012-06-30 19:36 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-14 11:31 - 2012-06-30 19:36 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-14 11:31 - 2012-06-30 19:36 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-06-14 10:03 - 2012-06-30 19:36 - 00003488 ____A C:\Windows\UDB.zip
2012-06-14 10:03 - 2012-06-30 19:36 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-14 10:03 - 2012-06-30 19:36 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-14 10:03 - 2012-06-30 19:36 - 00000131 ____A C:\Windows\IDB.zip
2012-06-13 02:29 - 2009-07-13 23:45 - 00466480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 02:07 - 2011-05-29 17:11 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-05 02:37 - 2012-06-30 17:58 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-03 11:09 - 2012-07-03 13:19 - 00001139 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-06-03 11:09 - 2012-07-03 13:19 - 00001139 ____A C:\Users\All Users\Desktop\Yahoo! Messenger.lnk
2012-06-02 17:19 - 2012-06-22 05:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 05:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 05:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 05:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 05:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 05:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 05:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 05:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 05:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 09:45 - 2012-07-03 13:18 - 00000993 ____A C:\Users\Public\Desktop\Localizer Leads Tool.lnk
2012-05-28 09:45 - 2012-07-03 13:18 - 00000993 ____A C:\Users\All Users\Desktop\Localizer Leads Tool.lnk
2012-05-27 16:07 - 2012-05-27 16:07 - 00001217 ____A C:\Users\nick\Desktop\FrostWire 5.3.6.lnk
2012-05-27 15:55 - 2012-07-03 13:18 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-27 15:55 - 2012-07-03 13:18 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-05-18 20:13 - 2011-11-16 21:24 - 00003584 ____A C:\Users\nick\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-18 20:13 - 2011-11-16 21:24 - 00003584 ____A C:\Users\nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-18 20:13 - 2011-11-16 21:24 - 00003584 ____A C:\Users\nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-18 10:28 - 2012-07-03 13:19 - 00000901 ____A C:\Users\Public\Desktop\Moyea SWF to Video Converter Standard.lnk
2012-05-18 10:28 - 2012-07-03 13:19 - 00000901 ____A C:\Users\All Users\Desktop\Moyea SWF to Video Converter Standard.lnk
2012-05-18 10:22 - 2012-07-03 13:18 - 00001170 ____A C:\Users\Public\Desktop\Camtasia Studio 7.lnk
2012-05-18 10:22 - 2012-07-03 13:18 - 00001170 ____A C:\Users\All Users\Desktop\Camtasia Studio 7.lnk
2012-05-17 21:47 - 2012-06-13 02:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-13 02:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-13 02:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-13 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:59 - 2012-06-13 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:58 - 2012-06-13 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:58 - 2012-06-13 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:56 - 2012-06-13 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-13 02:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-13 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-13 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-13 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-13 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-13 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-13 02:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-13 02:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-13 02:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-13 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-13 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-13 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-13 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-13 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-13 02:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-13 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-13 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-13 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-13 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-13 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 16:46 - 2012-07-03 13:19 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-15 16:46 - 2012-07-03 13:19 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-05-14 20:32 - 2012-06-12 17:04 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 10:14 - 2012-06-30 19:35 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-05-11 10:14 - 2012-06-30 19:33 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-11 10:13 - 2012-06-30 19:36 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-05-11 10:09 - 2012-06-30 19:36 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-05-11 10:08 - 2012-06-30 19:36 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-05-05 21:17 - 2012-05-05 21:17 - 00002631 ____A C:\Users\nick\Desktop\Jing.lnk
2012-05-04 06:06 - 2012-06-12 17:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-12 17:04 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-12 17:04 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-12 17:04 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:55 - 2012-06-12 17:04 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-12 17:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-12 17:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-12 17:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:37 - 2012-06-12 17:04 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-12 17:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-12 17:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-12 17:04 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-12 17:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-12 17:04 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 11:36 - 2012-06-30 19:33 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-07 07:31 - 2012-06-12 17:04 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:26 - 2012-06-12 17:04 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


ZeroAccess:
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\L
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\U

ZeroAccess:
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\@
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\L
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6143.3 MB
Available physical RAM: 5411.13 MB
Total Pagefile: 6141.45 MB
Available Pagefile: 5404.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.88 GB) (Free:775.68 GB) NTFS
7 Drive i: (KINGSTON) (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT
8 Drive j: (RECOVERY) (Fixed) (Total:10.59 GB) (Free:4.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB
Disk 1 Online 123 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 920 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I KINGSTON FAT Removable 122 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-27 23:52

======================= End Of Log ==========================

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 07:51 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
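The two paths in the fixlist above are exactly the top-level GUID-named directories that the ZeroAccess blocks of the FRST log reported, with their `@`, `L` and `U` children removed along with the parent. The script below is an added example of how a responder can cross-check a fix against the scan output: it is not FRST's code and was not posted by anyone in the thread. It parses the `ZeroAccess:` blocks and the file-listing lines of an FRST-style log and derives the fixlist lines from them. `SAMPLE_LOG` is a constructed excerpt made from a handful of the posted log's lines, not the complete log, and the column meanings in the `FILE_LINE` comment are read off the log itself (the two `win32k.sys` lines show the timestamp columns swap between the "Created" and "Modified" sections).

```python
# Added example (not FRST's code and not anything posted in the thread):
# parse the ZeroAccess blocks and the file-listing lines of an FRST log and
# derive the directory list that goes into fixlist.txt, so the fix can be
# cross-checked against what the scan actually reported.
import re
from datetime import datetime

# A "3 Months Modified Files" line: <modified> - <created> - <size> <attrs> [(<company>)] <path>
# (FRST prints the modification time first in that section and the on-disk
#  creation time second; the "Created" section has the two columns swapped.)
FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# A GUID-named directory, optionally followed by one of the single-character
# children (@, L, U) that the log's ZeroAccess blocks list beneath it.
GUID_DIR = re.compile(
    r"^(?P<dir>.*\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[@LU]))?$",
    re.IGNORECASE,
)


def parse_file_lines(text):
    """One dict per file-listing line, with timestamps and size parsed."""
    entries = []
    for raw in text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
            e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
            e["size"] = int(e["size"])
            entries.append(e)
    return entries


def parse_zeroaccess_blocks(text):
    """Path lists under each 'ZeroAccess:' heading, in log order.
    A blank line terminates a block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            current = []
            blocks.append(current)
        elif current is not None and line:
            current.append(line)
        else:
            current = None
    return blocks


def zeroaccess_indicators(text):
    """Map each GUID-named directory to the set of @/L/U children reported."""
    found = {}
    for block in parse_zeroaccess_blocks(text):
        for path in block:
            m = GUID_DIR.match(path)
            if m:
                children = found.setdefault(m.group("dir"), set())
                if m.group("child"):
                    children.add(m.group("child"))
    return found


def build_fixlist(text):
    """fixlist.txt lines: the top-level GUID directories, one per line, in the
    order the log reported them (the children go away with the parent)."""
    return list(zeroaccess_indicators(text))  # dict preserves insertion order


# Constructed excerpt in the shape of the posted log (a few of its lines only).
SAMPLE_LOG = r"""
============ 3 Months Modified Files ========================

2012-07-01 08:28 - 2009-07-13 18:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-30 18:01 - 2012-06-30 18:01 - 00173853 ____A C:\Users\nick\AppData\Local\census.cache
2012-06-14 11:31 - 2012-06-30 19:36 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys


ZeroAccess:
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\L
C:\Windows\Installer\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\U

ZeroAccess:
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\@
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\L
C:\Users\nick\AppData\Local\{c01f7071-09d4-e9a7-b674-6a25cef8a40f}\U

========================= Known DLLs (Whitelisted) ============
"""

if __name__ == "__main__":
    for d, kids in zeroaccess_indicators(SAMPLE_LOG).items():
        print(f"{d}  children={sorted(kids)}")
    print("fixlist.txt would contain:")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

Run it against a saved FRST.txt by reading the file into `text` instead of `SAMPLE_LOG`; the derived list should match the fixlist line for line, and any GUID directory in the log that is missing from the fixlist (or vice versa) is worth a second look before pressing Fix.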



