Infected Machine - Google Links Redirected, Sounds Phantom Playing


  • This topic is locked
43 replies to this topic

#1 sean1972

  • Members
  • 23 posts

Posted 29 July 2012 - 12:07 PM

Dear Experts

I have been a spectator for a while using this website to widen my knowledge and it is very much appreciated what you guys are doing here.

Let me thank you guys/gals in advance for your time and help.

Last week my machine was infected with a rootkit virus and I have failed to remove it. I am a computer guy and I fixed hundreds of infected machines in the past but this one gets me!

The symptoms are:

1. Google links are redirected.
2. Every so often (sometimes 5 times an hour, sometimes once every two hours) explorer.exe will open up multiple TCP connections to servers and IP addresses that I don't recognize and play random but repetitive commercials/radio stations sound bites. Usually not a complete commercial, and it usually lasts for 5-10 seconds.
3. Once in a while (once or twice a day) a window titled "message from webpage" will be opened by explorer.exe with a label "Thanks" and a button "OK".

I used AVG, ESET, Microsoft Security Essentials, Exterminate It, Malwarebytes, CCleaner and ComboFix, and by now all scans give the computer a clean bill of health, but the symptoms are not removed.

Five days ago ESET gave me this report, but now it gives a clean report.

C:\$RECYCLE.BIN\S-1-5-21-266775593-2276910581-870900397-1000\$R3DXH1U.txt Eicar test file cleaned by deleting - quarantined
C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

I use AnVir to follow the explorer.exe process and I have a report of the TCP connections it creates right before playing the sound, and I will post it if you would ask me to.

Following you will find all the reports you have asked for in the Preparation Guide.

Once again thanks, your help is truly appreciated.

Sean



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 28/07/2012 (Sean Einy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



OTL logfile created on: 7/28/2012 11:54:05 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Sean Einy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 49.81% Memory free
11.82 Gb Paging File | 6.99 Gb Available in Paging File | 59.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.71 Gb Total Space | 210.03 Gb Free Space | 36.11% Space Free | Partition Type: NTFS

Computer Name: SEANEINY-LT | User Name: Sean Einy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 10:42:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Sean Einy\Downloads\OTL.exe
PRC - [2012/07/25 09:25:32 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/14 11:38:54 | 006,080,112 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/25 09:25:39 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/07/25 09:25:32 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/03/16 14:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 17:08:14 | 000,122,720 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/20 18:43:38 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/16 10:18:12 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/10/20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/10/18 19:28:48 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/17 10:14:34 | 000,531,832 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/09/01 12:00:06 | 000,911,872 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/01 11:54:22 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/07/28 10:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/07/26 14:13:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/22 08:33:11 | 000,179,712 | ---- | M] (Cougar Mountain Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Cougar Mountain Software\Denali\CMSLicenseService.exe -- (CMSLicenseService)
SRV - [2011/12/22 05:31:08 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/11/09 00:24:42 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\759\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 03:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 16:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 09:25:40 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/06/09 20:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 22:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/09 22:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/18 14:45:46 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/23 19:25:56 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 00:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/28 11:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/07/12 11:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/17 06:09:04 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
DRV:64bit: - [2010/05/16 17:28:36 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/05/16 17:28:28 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 17:28:26 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/03/12 19:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2010/03/11 20:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/03 04:06:36 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/03 04:06:36 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {06EAC5F6-CB1A-4EFB-9E32-8F7109F62A99}
IE:64bit: - HKLM\..\SearchScopes\{06EAC5F6-CB1A-4EFB-9E32-8F7109F62A99}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {06EAC5F6-CB1A-4EFB-9E32-8F7109F62A99}
IE - HKLM\..\SearchScopes\{06EAC5F6-CB1A-4EFB-9E32-8F7109F62A99}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D92D30EE-9D41-4315-B197-AC1F34E80E1E}&mid=511a3b52c88e47d0a0b96939b2a8187e-e4e20aace1ef4c0012e0809ef5978d969aa6b4b2&lang=en&ds=AVG&pr=pr&d=2012-07-25 09:25:43&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sean Einy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean Einy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean Einy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Sean Einy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/14 07:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/10 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/25 09:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/25 09:25:56 | 000,000,000 | ---D | M]

[2011/04/27 12:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean Einy\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sean Einy\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Sean Einy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sean Einy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Sean Einy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\Sean Einy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: AVG Do Not Track = C:\Users\Sean Einy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sean Einy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/07/28 05:37:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra Button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: freestockcharts.com ([www] http in Trusted sites)
O16 - DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} http://99.66.30.201/WATCH_16R.cab (WATCH_16R Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/nbr/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1369DE61-AAE1-41CD-89A3-D9BAA5F7CF1C}: DhcpNameServer = 83.224.70.78 83.224.70.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4529415C-FBE7-4CB1-90A6-8C985949D998}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\759\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^Users^Sean Einy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Best Buy pc app - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: eO5n4fG5kp5RHK - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Sean Einy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Sean Einy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GoToAssist Express Expert - hkey= - key= - C:\Users\Sean Einy\AppData\Local\Citrix\GoToAssist Express Expert\330\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
MsConfig:64bit - StartUpReg: hkarUPRvGgiU.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
MsConfig:64bit - StartUpReg: IntelWirelessWiMAX - hkey= - key= - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
MsConfig:64bit - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ModemListener - hkey= - key= - C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe ()
MsConfig:64bit - StartUpReg: MSC - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: ThpSrv - hkey= - key= - C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: ToshibaAppPlace - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TSleepSrv - hkey= - key= - C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 08:15:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/28 06:00:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/28 03:23:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/27 15:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/07/27 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/07/27 13:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedTestPro
[2012/07/27 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedTestPro
[2012/07/27 13:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AF Uninstalls
[2012/07/27 12:45:58 | 000,021,568 | ---- | C] ( Fluke Networks Inc.) -- C:\windows\SysNative\amdriver_x64.sys
[2012/07/27 12:45:55 | 000,055,360 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\SysNative\drivers\amtransv_x64.sys
[2012/07/27 12:42:55 | 000,032,768 | ---- | C] (AirMagnet) -- C:\windows\SysWow64\AmDriver.dll
[2012/07/27 12:42:55 | 000,010,240 | ---- | C] ( Fluke Networks Inc.) -- C:\windows\SysWow64\AmDriver.sys
[2012/07/27 12:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Crystal Decisions
[2012/07/27 12:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirMagnet Inc
[2012/07/26 17:50:15 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\Sean Einy\Desktop\ComboFix.exe
[2012/07/26 17:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/26 17:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/26 17:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/07/26 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/26 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by AnVir)
[2012/07/26 14:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/26 09:53:50 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\ChemTable Software
[2012/07/26 09:53:38 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\ChemTable Software
[2012/07/26 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVir Task Manager Pro
[2012/07/26 02:16:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/26 02:16:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/26 02:16:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/26 02:11:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/25 13:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/25 13:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/25 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\AVG
[2012/07/25 09:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/25 09:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/07/25 09:26:31 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\AVG2012
[2012/07/25 09:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/25 09:26:00 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\AVG Secure Search
[2012/07/25 09:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/25 09:25:40 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/07/25 09:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/25 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/25 09:24:26 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2012/07/25 09:22:48 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/25 09:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/25 09:22:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2012/07/25 09:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/25 09:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/24 11:18:05 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/07/23 10:20:08 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\Curiolab
[2012/07/23 10:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/07/23 10:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/07/23 09:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\GetRightToGo
[2012/07/23 09:30:34 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/07/23 03:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ewido anti-malware
[2012/07/22 20:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 20:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/22 16:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/22 16:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/22 16:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/22 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/22 16:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/07/22 12:57:46 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\f-secure
[2012/07/22 12:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/07/21 11:46:36 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/07/21 09:55:27 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/21 09:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2012/07/21 01:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/21 01:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/21 01:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/21 01:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Roaming\Malwarebytes
[2012/07/21 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/18 08:22:46 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{DBA9C281-2264-4184-A9A4-19D7B845F9E8}
[2012/07/18 08:22:34 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{1842D095-D22D-4510-B0CD-C1E9E260685F}
[2012/07/15 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{72733EA5-C2A4-4E86-9F07-D737F7914D16}
[2012/07/15 14:41:57 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{11AA586B-B047-4548-ACE9-B074734BE411}
[2012/07/14 18:32:51 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{15B67294-1BDE-46EF-A70B-687186A9BB9F}
[2012/07/14 18:32:39 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{06C42994-6CAE-42A2-8D01-4030A9C36B9B}
[2012/07/14 18:32:25 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\Tracing
[2012/07/14 18:30:10 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/07/14 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{0715E8B1-5250-453C-939C-26EE51D3C16F}
[2012/07/14 18:23:21 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{99971E97-A739-45D7-8CF4-2681688E4C02}
[2012/07/14 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{EA9793E5-5BB9-447B-87C2-C7465E0D399A}
[2012/07/14 18:22:58 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{9B3E6804-B06F-43DB-882F-B44E7CB3B18E}
[2012/07/07 18:56:44 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{9561ABDE-0FF0-491D-9716-51EE651F8428}
[2012/07/07 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Sean Einy\AppData\Local\{F04CEB5C-E7B7-4E3A-8F03-445721544307}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 12:01:04 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
[2012/07/28 11:52:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 11:42:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 10:59:02 | 000,000,944 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
[2012/07/28 10:52:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 10:20:01 | 000,000,887 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections10.htm
[2012/07/28 09:44:44 | 000,000,887 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections9.htm
[2012/07/28 08:52:56 | 000,013,351 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections8.htm
[2012/07/28 08:49:26 | 000,005,012 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections7.htm
[2012/07/28 08:47:04 | 000,004,204 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections6.htm
[2012/07/28 05:37:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/28 04:12:04 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 04:12:04 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 04:09:48 | 000,863,096 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/28 04:09:48 | 000,721,362 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/28 04:09:48 | 000,143,454 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/28 04:04:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/28 04:04:07 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 03:20:44 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\Sean Einy\Desktop\ComboFix.exe
[2012/07/28 02:55:56 | 102,354,748 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/28 02:01:01 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
[2012/07/27 14:49:24 | 000,001,429 | ---- | M] () -- C:\Users\Sean Einy\Desktop\CopyTrans Control Center.lnk
[2012/07/27 13:59:01 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
[2012/07/27 12:44:52 | 000,017,486 | ---- | M] () -- C:\windows\SysNative\drivers\etc\services
[2012/07/26 20:27:52 | 000,002,336 | ---- | M] () -- C:\Users\Sean Einy\Documents\AnVir_Connections5.htm
[2012/07/26 20:12:07 | 000,025,677 | ---- | M] () -- C:\Users\Sean Einy\Documents\AnVir_Connections4.htm
[2012/07/26 19:53:59 | 000,013,224 | ---- | M] () -- C:\Users\Sean Einy\Documents\AnVir_Connections3.htm
[2012/07/26 18:41:32 | 000,001,448 | ---- | M] () -- C:\Users\Sean Einy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/26 18:00:03 | 000,002,446 | ---- | M] () -- C:\Users\Sean Einy\Desktop\Document.rtf
[2012/07/26 17:46:21 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/07/26 17:40:08 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/26 17:37:32 | 000,001,275 | ---- | M] () -- C:\Users\Sean Einy\Desktop\Revo Uninstaller.lnk
[2012/07/26 16:38:58 | 000,016,233 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections1.htm
[2012/07/26 16:11:51 | 000,011,433 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections.htm
[2012/07/26 15:10:39 | 000,031,252 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/26 09:53:37 | 000,001,121 | ---- | M] () -- C:\Users\Sean Einy\Application Data\Microsoft\Internet Explorer\Quick Launch\AnVir Task Manager Pro.lnk
[2012/07/26 09:53:37 | 000,001,097 | ---- | M] () -- C:\Users\Sean Einy\Desktop\AnVir Task Manager Pro.lnk
[2012/07/25 09:35:02 | 000,027,520 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\dt.dat
[2012/07/25 09:26:03 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/25 09:25:40 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/07/25 09:24:26 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/25 09:24:26 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/25 09:24:26 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/24 23:35:15 | 000,880,682 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/24 20:02:33 | 005,113,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/24 15:10:19 | 000,001,303 | ---- | M] () -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/23 19:31:55 | 000,259,939 | ---- | M] () -- C:\Users\Sean Einy\Desktop\dang.psd
[2012/07/23 17:49:18 | 000,001,456 | ---- | M] () -- C:\Users\Sean Einy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/23 17:49:17 | 000,027,886 | ---- | M] () -- C:\Users\Sean Einy\Desktop\danggggggggg.jpg
[2012/07/23 17:30:21 | 000,021,493 | ---- | M] () -- C:\Users\Sean Einy\Desktop\Dangggg.jpg
[2012/07/23 17:21:40 | 000,029,164 | ---- | M] () -- C:\Users\Sean Einy\Desktop\photo.PNG
[2012/07/23 10:10:20 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/07/22 23:42:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/22 21:38:39 | 000,000,053 | ---- | M] () -- C:\windows\wininit.ini
[2012/07/22 20:01:05 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 16:41:14 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/21 19:10:22 | 000,001,440 | -HS- | M] () -- C:\windows\4837805drv.spi
[2012/07/11 19:37:46 | 001,842,504 | ---- | M] () -- C:\Users\Sean Einy\Desktop\Party App.onepkg
[2012/07/11 10:56:57 | 000,002,432 | ---- | M] () -- C:\Users\Sean Einy\Desktop\Google Chrome.lnk
[2012/07/07 16:33:40 | 000,000,978 | ---- | M] () -- C:\Users\Sean Einy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/07 16:33:40 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 10:19:59 | 000,000,887 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections10.htm
[2012/07/28 09:44:38 | 000,000,887 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections9.htm
[2012/07/28 08:52:56 | 000,013,351 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections8.htm
[2012/07/28 08:49:25 | 000,005,012 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections7.htm
[2012/07/28 08:46:59 | 000,004,204 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections6.htm
[2012/07/28 02:55:56 | 102,354,748 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/27 15:16:26 | 000,002,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/07/26 20:27:52 | 000,002,336 | ---- | C] () -- C:\Users\Sean Einy\Documents\AnVir_Connections5.htm
[2012/07/26 20:12:07 | 000,025,677 | ---- | C] () -- C:\Users\Sean Einy\Documents\AnVir_Connections4.htm
[2012/07/26 19:53:59 | 000,013,224 | ---- | C] () -- C:\Users\Sean Einy\Documents\AnVir_Connections3.htm
[2012/07/26 18:41:31 | 000,001,420 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/26 18:41:30 | 000,001,454 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/26 18:41:30 | 000,001,448 | ---- | C] () -- C:\Users\Sean Einy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/26 17:40:08 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/26 17:37:32 | 000,001,275 | ---- | C] () -- C:\Users\Sean Einy\Desktop\Revo Uninstaller.lnk
[2012/07/26 16:38:58 | 000,016,233 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections1.htm
[2012/07/26 16:11:51 | 000,011,433 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir_Connections.htm
[2012/07/26 15:10:39 | 000,031,252 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/26 14:59:50 | 000,002,446 | ---- | C] () -- C:\Users\Sean Einy\Desktop\Document.rtf
[2012/07/26 09:53:37 | 000,001,097 | ---- | C] () -- C:\Users\Sean Einy\Desktop\AnVir Task Manager Pro.lnk
[2012/07/26 02:16:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/26 02:16:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/26 02:16:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/26 02:16:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/26 02:16:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/25 09:35:02 | 000,027,520 | ---- | C] () -- C:\Users\Sean Einy\AppData\Local\dt.dat
[2012/07/25 09:26:03 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/25 09:24:26 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/25 09:24:26 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/25 09:24:26 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/24 15:10:19 | 000,001,303 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/23 19:31:55 | 000,259,939 | ---- | C] () -- C:\Users\Sean Einy\Desktop\dang.psd
[2012/07/23 17:49:17 | 000,027,886 | ---- | C] () -- C:\Users\Sean Einy\Desktop\danggggggggg.jpg
[2012/07/23 17:30:21 | 000,021,493 | ---- | C] () -- C:\Users\Sean Einy\Desktop\Dangggg.jpg
[2012/07/23 17:21:40 | 000,029,164 | ---- | C] () -- C:\Users\Sean Einy\Desktop\photo.PNG
[2012/07/23 10:10:20 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/07/22 20:01:05 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 16:41:14 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/21 19:09:55 | 000,001,440 | -HS- | C] () -- C:\windows\4837805drv.spi
[2012/07/21 09:42:02 | 000,000,053 | ---- | C] () -- C:\windows\wininit.ini
[2012/07/19 14:46:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/19 14:46:45 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/19 14:46:45 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Enterprise Solutions 9.0.lnk
[2012/07/19 14:46:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/19 14:46:45 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/07/19 14:46:45 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/07/19 14:46:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/19 14:46:45 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/07/19 14:46:45 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/07/19 14:46:45 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/07/19 14:46:45 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/07/19 14:46:45 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.6.lnk
[2012/07/19 14:46:45 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/19 14:46:44 | 000,002,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Wireless Display.lnk
[2012/07/19 14:46:44 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyTvIL.lnk
[2012/07/19 14:46:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/19 14:46:44 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/07/19 14:46:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/19 14:46:43 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2.lnk
[2012/07/19 14:46:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/19 14:46:43 | 000,001,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BD DVD PLAYER.lnk
[2012/07/19 14:46:42 | 000,001,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/07/18 08:29:27 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 19:18:14 | 001,842,504 | ---- | C] () -- C:\Users\Sean Einy\Desktop\Party App.onepkg
[2012/07/07 16:33:40 | 000,000,978 | ---- | C] () -- C:\Users\Sean Einy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/08 10:19:54 | 000,004,096 | ---- | C] () -- C:\Users\Sean Einy\AppData\Local\keyfile3.drm
[2012/03/09 18:25:56 | 000,303,444 | ---- | C] () -- C:\Users\Sean Einy\IMG_0607.JPG
[2012/03/08 09:32:15 | 000,284,789 | ---- | C] () -- C:\Users\Sean Einy\IMG_0606.JPG
[2012/03/02 00:35:02 | 000,095,572 | ---- | C] () -- C:\Users\Sean Einy\IMG_7003.jpg
[2012/03/02 00:35:02 | 000,065,166 | ---- | C] () -- C:\Users\Sean Einy\IMG_6201.jpg
[2012/03/02 00:35:02 | 000,056,572 | ---- | C] () -- C:\Users\Sean Einy\IMG_7447.jpg
[2012/03/02 00:35:02 | 000,044,395 | ---- | C] () -- C:\Users\Sean Einy\IMG_7248.jpg
[2012/02/21 19:44:41 | 001,803,999 | ---- | C] () -- C:\Users\Sean Einy\IMG_9270.png
[2012/02/17 12:07:24 | 000,469,259 | ---- | C] () -- C:\Users\Sean Einy\vfr lver and cover.xps
[2012/02/12 12:33:21 | 000,148,917 | ---- | C] () -- C:\Users\Sean Einy\428635_187566244677896_137350106366177_238514_943907922_n.jpg
[2012/02/07 10:44:29 | 000,000,110 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2012/02/05 10:12:37 | 000,000,021 | ---- | C] () -- C:\windows\SurCode.INI
[2012/01/22 08:23:21 | 000,067,855 | ---- | C] () -- C:\Users\Sean Einy\reading letters and numbers.jpg
[2011/12/13 13:21:35 | 000,000,132 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/12/13 13:20:05 | 000,000,132 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/11/12 15:36:22 | 000,005,120 | ---- | C] () -- C:\Users\Sean Einy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 04:13:27 | 000,000,132 | ---- | C] () -- C:\Users\Sean Einy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/24 04:38:08 | 000,001,456 | ---- | C] () -- C:\Users\Sean Einy\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/07/13 22:32:38 | 000,000,308 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/07/13 22:32:38 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/07/13 22:32:20 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/07/13 22:32:20 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7840W.DAT
[2011/07/13 22:31:32 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/07/13 22:31:31 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/07/13 22:31:31 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/07/13 22:31:22 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011/07/13 22:31:15 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011/05/08 13:41:28 | 000,007,603 | ---- | C] () -- C:\Users\Sean Einy\AppData\Local\Resmon.ResmonCfg
[2011/04/26 16:26:30 | 000,000,316 | ---- | C] () -- C:\windows\ODBC.INI
[2011/04/25 21:29:38 | 000,880,682 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/05 03:07:00 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/05 03:07:00 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/01/27 08:55:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2010/11/09 12:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2012/07/24 10:11:20 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\applianz
[2012/03/20 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Autodesk
[2012/07/25 09:40:57 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\AVG
[2012/07/25 09:26:31 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\AVG2012
[2011/08/13 05:07:06 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/26 09:53:50 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\ChemTable Software
[2011/12/28 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Cougar_Mountain_Software
[2012/07/23 10:20:08 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Curiolab
[2011/09/21 04:06:19 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\DVDVideoSoft
[2011/09/21 04:06:05 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/22 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\f-secure
[2011/11/16 23:39:01 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Garmin
[2012/07/23 10:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\GetRightToGo
[2011/12/09 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Leadertech
[2012/02/05 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\PACE Anti-Piracy
[2011/05/14 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\SharePod
[2011/07/14 09:09:48 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/08 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Toshiba
[2012/07/28 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\uTorrent
[2011/04/25 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\WinBatch
[2011/09/30 03:26:03 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\Windows Live Writer
[2012/02/20 01:21:02 | 000,000,000 | ---D | M] -- C:\Users\Sean Einy\AppData\Roaming\WindSolutions
[2012/07/27 13:59:01 | 000,000,922 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
[2012/07/28 10:59:02 | 000,000,944 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
[2012/07/24 05:07:49 | 000,032,564 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/28 23:38:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/07/28 06:00:02 | 000,041,822 | ---- | M] () -- C:\ComboFix.txt
[2012/07/28 04:04:07 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 04:04:07 | 2049,642,495 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Files - Unicode (All) ==========
[2011/10/29 02:24:44 | 000,021,889 | ---- | M] ()(C:\Users\Sean Einy\Documents\?? ?? ?? ??? ???????? ????.docx) -- C:\Users\Sean Einy\Documents\לו זה לא היה וירטואלי כרגע.docx
[2011/09/25 04:49:25 | 000,017,042 | ---- | M] ()(C:\Users\Sean Einy\Documents\????-????.docx) -- C:\Users\Sean Einy\Documents\שאול-גבאי.docx
[2011/09/25 02:44:37 | 000,017,042 | ---- | C] ()(C:\Users\Sean Einy\Documents\????-????.docx) -- C:\Users\Sean Einy\Documents\שאול-גבאי.docx
[2011/09/12 16:44:25 | 000,021,889 | ---- | C] ()(C:\Users\Sean Einy\Documents\?? ?? ?? ??? ???????? ????.docx) -- C:\Users\Sean Einy\Documents\לו זה לא היה וירטואלי כרגע.docx
[2011/09/09 04:11:29 | 000,239,942 | ---- | M] ()(C:\Users\Sean Einy\Documents\?????? ???? ?? ????.pdf) -- C:\Users\Sean Einy\Documents\שנוניי לשון של עודד.pdf
[2011/09/09 04:11:28 | 000,239,942 | ---- | C] ()(C:\Users\Sean Einy\Documents\?????? ???? ?? ????.pdf) -- C:\Users\Sean Einy\Documents\שנוניי לשון של עודד.pdf
[2011/09/03 03:38:22 | 000,018,727 | ---- | M] ()(C:\Users\Sean Einy\Documents\?????? ???? ?? ????.docx) -- C:\Users\Sean Einy\Documents\שנוניי לשון של עודד.docx
[2011/09/03 03:38:22 | 000,018,727 | ---- | C] ()(C:\Users\Sean Einy\Documents\?????? ???? ?? ????.docx) -- C:\Users\Sean Einy\Documents\שנוניי לשון של עודד.docx
[2011/08/31 04:38:48 | 000,178,810 | ---- | M] ()(C:\Users\Sean Einy\Documents\??? ???? ??? ???.pdf) -- C:\Users\Sean Einy\Documents\למה ליבך כמו קרח.pdf
[2011/08/31 04:38:47 | 000,178,810 | ---- | C] ()(C:\Users\Sean Einy\Documents\??? ???? ??? ???.pdf) -- C:\Users\Sean Einy\Documents\למה ליבך כמו קרח.pdf
[2011/08/31 04:36:36 | 000,002,970 | ---- | M] ()(C:\Users\Sean Einy\Documents\????? ???? ??? ???? ??? ???.txt) -- C:\Users\Sean Einy\Documents\מילות השיר למה ליבך כמו קרח.txt
[2011/08/31 04:36:36 | 000,002,970 | ---- | C] ()(C:\Users\Sean Einy\Documents\????? ???? ??? ???? ??? ???.txt) -- C:\Users\Sean Einy\Documents\מילות השיר למה ליבך כמו קרח.txt
[2011/08/29 03:16:46 | 000,018,232 | ---- | M] ()(C:\Users\Sean Einy\Documents\????? ?????? ?????? ???? ?????? ??? ????? ?????????? ????? ????? ??????.docx) -- C:\Users\Sean Einy\Documents\תחרות חופשית והגדלת היצע להורדת שכר הדירה ובעיקבותיו הורדת מחירי הדירות.docx
[2011/08/24 07:09:56 | 000,013,360 | ---- | M] ()(C:\Users\Sean Einy\Documents\?????? ?????? ??? ???? ???.docx) -- C:\Users\Sean Einy\Documents\לאיילי המקסים שאת ליבי כבש.docx
[2011/08/23 04:11:56 | 000,013,360 | ---- | C] ()(C:\Users\Sean Einy\Documents\?????? ?????? ??? ???? ???.docx) -- C:\Users\Sean Einy\Documents\לאיילי המקסים שאת ליבי כבש.docx
[2011/08/17 04:57:30 | 000,018,232 | ---- | C] ()(C:\Users\Sean Einy\Documents\????? ?????? ?????? ???? ?????? ??? ????? ?????????? ????? ????? ??????.docx) -- C:\Users\Sean Einy\Documents\תחרות חופשית והגדלת היצע להורדת שכר הדירה ובעיקבותיו הורדת מחירי הדירות.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 998 bytes -> C:\ProgramData\Microsoft:3OuS5vxwInL9PZjpL0e1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:TY8N6KoV6KReKPABPL

< End of report >



#2 sean1972

sean1972
  • Topic Starter

  • Members
  • 23 posts

Posted 29 July 2012 - 12:08 PM

My post was too long, so I broke it into two posts.


OTL Extras logfile created on: 7/28/2012 11:54:05 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Sean Einy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 49.81% Memory free
11.82 Gb Paging File | 6.99 Gb Available in Paging File | 59.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.71 Gb Total Space | 210.03 Gb Free Space | 36.11% Space Free | Partition Type: NTFS

Computer Name: SEANEINY-LT | User Name: Sean Einy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{268A37CF-C48D-447B-9E68-DB0F7CB7FEC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E199B53F-6D8C-464F-A6F4-12DF6F4BC20C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7732825E-582D-4EF0-8935-728FF9395102}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7C158922-1F69-4325-AB5D-906859E7B8DB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2010
"{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutoCAD 2010 - English Version 3" = AutoCAD 2010 - English Version 3
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8890DW
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{045C980B-8C4D-4AC7-9610-C0EE5EAA94D8}" = Microsoft Visual C# Step by Step
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{499A37A3-9A0D-4929-AA3E-588FA230D66F}" = Garmin City Navigator Europe NT 2011.32 Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (CMSDENALI)
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A1334E7-B58E-4650-8671-EDEC132EBCB8}" = Denali
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0015-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010
"{90140000-0015-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0016-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010
"{90140000-0016-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-040D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2010
"{90140000-0017-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{6577D8F3-AA3C-4BCF-8263-8B6A3E6BFC98}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2010
"{90140000-0017-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{71D73EA6-F837-4368-B9D2-10D0D112ED74}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0018-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010
"{90140000-0018-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-0019-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010
"{90140000-0019-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001A-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010
"{90140000-001A-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001B-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010
"{90140000-001B-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.OMUI.he-il_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.it-it_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.he-il_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.it-it_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.he-il_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.it-it_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.he-il_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-040D-1000-0000000FF1CE}_Office14.OMUI.he-il_{7B83617F-4668-43FE-93D4-F523A986118F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0410-1000-0000000FF1CE}_Office14.OMUI.it-it_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-002C-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{6DE4A120-C7C5-4DED-AA3E-F32EE37012C5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010
"{90140000-002C-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-0044-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010
"{90140000-0044-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-006E-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{C52DDB57-C2DE-4CBE-ABF8-EF39F9F396B2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010
"{90140000-006E-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010
"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{30CB2A7E-01CF-428F-A639-B43983311EEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010
"{90140000-00BA-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-040D-0000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2010
"{90140000-0100-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{1A016848-B5D0-476C-8677-E7B004B471C6}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2010
"{90140000-0100-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{2C8C6BB6-81E2-407E-9780-FD04147198ED}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-040D-0000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2010
"{90140000-0101-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{74945BC1-CCF9-4CCE-978F-A475DA4A3468}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2010
"{90140000-0101-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{645C632B-EE9F-43B0-87E1-2546E9232C7F}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A1785DC-3A28-479D-BD63-8DC9F5F60DCE}" = QuickBooks Enterprise Solutions 9.0
"{9A1785DC-3A89-479D-BD63-8DC9F5F60DCE}" = QuickBooks
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A508F716-356E-4746-BA04-EC0B7DD8A5B5}" = Lightspeed 7.0.235.2 SSL
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3926E82-9294-4D22-A8FF-9B3EA8F16840}" = Intel® Wireless Display
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnVir Task Manager Pro" = AnVir Task Manager Pro
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"GoToAssist" = GoToAssist Corporate
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{7A1334E7-B58E-4650-8671-EDEC132EBCB8}" = Denali
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"mytvil" = mytvil
"Office14.OMUI.he-il" = Microsoft Office Language Pack 2010 - Hebrew עברית
"Office14.OMUI.it-it" = Microsoft Office Language Pack 2010 - Italian/Italiano
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"The Rosetta Stone" = The Rosetta Stone
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"31e2c073ac1d974b" = Sales Dashboard
"5232553a5a8c9d7f" = Financial Dashboard
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome
"GoToAssist Express Expert" = GoToAssist Expert 1.6.0.330
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2012 1:44:54 PM | Computer Name = SeanEiny-LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

Error - 4/4/2012 8:24:59 PM | Computer Name = SeanEiny-LT | Source = Toshiba App Place | ID = 0
Description =

Error - 4/4/2012 8:25:34 PM | Computer Name = SeanEiny-LT | Source = Google Update | ID = 20
Description =

Error - 4/4/2012 8:34:57 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000016404A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000C28

Cleanup:
1

Error - 4/4/2012 8:35:20 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000016404A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000C28

Cleanup:
1

Error - 4/4/2012 8:43:33 PM | Computer Name = SeanEiny-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13b4 Start
Time: 01cd12c3300448eb Termination Time: 21 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 4/4/2012 8:44:16 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000016404A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000C28

Cleanup:
1

Error - 4/5/2012 2:51:54 AM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014A04A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000029F0

Cleanup:
1

Error - 4/5/2012 4:42:37 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014C04A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000021B0

Cleanup:
1

Error - 4/5/2012 4:43:05 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014C04A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000021B0

Cleanup:
1

Error - 4/5/2012 4:54:20 PM | Computer Name = SeanEiny-LT | Source = ESENT | ID = 623
Description = wuaueng.dll (768) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014F04A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000021B0

Cleanup:
1

[ CMSDenali Events ]
Error - 7/21/2012 12:07:38 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 7/21/2012 12:07:58 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 7/21/2012 12:07:58 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1856 <ROOT><MESSAGE>A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named Pipes Provider,
error: 40 - Could not open a connection to SQL Server)</MESSAGE><SOURCE>.Net SqlClient
Data Provider</SOURCE><STACKTRACE> at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at CMSUtil.CLS_SQL.GetSQLData(String p_strSQL, stuSQLConnectionInfo&amp; p_ConInfo,
DataResult&amp; p_result)</STACKTRACE><TARGETSITE>OnError</TARGETSITE></ROOT>

Error - 7/21/2012 12:08:02 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1856 <ROOT><MESSAGE>Cannot find table 0.</MESSAGE><SOURCE>System.Data</SOURCE><STACKTRACE>
at System.Data.DataTableCollection.get_Item(Int32 index) at CMSUtil.FRM_LicenseServer.ServerName(stuServer&amp;
p_stu) at CMSLicenseService.cls_CMSLicenseService.GetPrimaryInfo(stuServer&amp;
stuPrimaryServer, Boolean&amp; bolServerInfoSaved, String&amp; strPort, Boolean
bolInfoInReg) at CMSLicenseService.cls_CMSLicenseService.OnStart(String[] args)</STACKTRACE><TARGETSITE>get_Item</TARGETSITE></ROOT>

Error - 7/21/2012 2:39:37 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 7/21/2012 2:39:55 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 7/21/2012 2:39:55 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1968 <ROOT><MESSAGE>A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named Pipes Provider,
error: 40 - Could not open a connection to SQL Server)</MESSAGE><SOURCE>.Net SqlClient
Data Provider</SOURCE><STACKTRACE> at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at CMSUtil.CLS_SQL.GetSQLData(String p_strSQL, stuSQLConnectionInfo&amp; p_ConInfo,
DataResult&amp; p_result)</STACKTRACE><TARGETSITE>OnError</TARGETSITE></ROOT>

Error - 7/21/2012 2:39:56 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description = Process ID1968 <ROOT><MESSAGE>Cannot find table 0.</MESSAGE><SOURCE>System.Data</SOURCE><STACKTRACE>
at System.Data.DataTableCollection.get_Item(Int32 index) at CMSUtil.FRM_LicenseServer.ServerName(stuServer&amp;
p_stu) at CMSLicenseService.cls_CMSLicenseService.GetPrimaryInfo(stuServer&amp;
stuPrimaryServer, Boolean&amp; bolServerInfoSaved, String&amp; strPort, Boolean
bolInfoInReg) at CMSLicenseService.cls_CMSLicenseService.OnStart(String[] args)</STACKTRACE><TARGETSITE>get_Item</TARGETSITE></ROOT>

Error - 7/26/2012 8:50:43 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

Error - 7/26/2012 8:54:10 PM | Computer Name = SeanEiny-LT | Source = CMSDenali_CMSLicenseService | ID = 5
Description =

[ System Events ]
Error - 7/27/2012 7:58:22 PM | Computer Name = SeanEiny-LT | Source = DCOM | ID = 10016
Description =

Error - 7/28/2012 1:54:38 AM | Computer Name = SeanEiny-LT | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:02 PM on ?7/?27/?2012 was unexpected.

Error - 7/28/2012 1:54:40 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater12.1.5 service failed to start due to the following
error: %%2

Error - 7/28/2012 1:54:40 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/28/2012 1:55:40 AM | Computer Name = SeanEiny-LT | Source = DCOM | ID = 10016
Description =

Error - 7/28/2012 6:45:37 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/28/2012 7:02:38 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/28/2012 7:04:30 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater12.1.5 service failed to start due to the following
error: %%2

Error - 7/28/2012 7:04:30 AM | Computer Name = SeanEiny-LT | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/28/2012 7:05:21 AM | Computer Name = SeanEiny-LT | Source = DCOM | ID = 10016
Description =


< End of report >


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Sean Einy at 14:25:14 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.2853 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\AnVir Task Manager Pro\anvir.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uInternet Settings,ProxyOverride = <local>;*.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} - mscoree.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\SEANEI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: freestockcharts.com\www
DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} - hxxp://99.66.30.201/WATCH_16R.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/nbr/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1369DE61-AAE1-41CD-89A3-D9BAA5F7CF1C} : DhcpNameServer = 83.224.70.78 83.224.70.62
TCP: Interfaces\{4529415C-FBE7-4CB1-90A6-8C985949D998} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\2456C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\2456C6B696E6F574F575962756C6563737F5246443543344 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\34963736F62323531373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\546756E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\951636F62697 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\A5163686162796E45647 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73E71A5F-D0ED-42E2-A657-1BB1EAECA890}\A5163686162796E45647D27657563747 : DhcpNameServer = 192.168.33.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} - mscoree.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MSSQL$CMSDENALI;SQL Server (CMSDENALI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 CMSLicenseService;CMS License Service;C:\Program Files (x86)\Cougar Mountain Software\Denali\CMSLicenseService.exe [2011-12-22 179712]
S3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:\windows\system32\DRIVERS\jrdusbser.sys --> C:\windows\system32\DRIVERS\jrdusbser.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-20 1030600]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-22 655944]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-3-13 54136]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-13 2656280]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-28 15:15:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-28 10:23:02 -------- d-----w- C:\ComboFix
2012-07-27 22:16:13 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-07-27 22:13:01 -------- d-----w- C:\ProgramData\Cisco Systems
2012-07-27 20:18:18 67376 ----a-w- C:\windows\SysWow64\SYSINFO.OCX
2012-07-27 20:18:18 124688 ----a-w- C:\windows\SysWow64\MSWINSCK.OCX
2012-07-27 20:18:17 -------- d-----w- C:\Program Files\SpeedTestPro
2012-07-27 20:17:36 -------- d-----w- C:\Program Files (x86)\AF Uninstalls
2012-07-27 19:45:58 21568 ----a-w- C:\windows\System32\amdriver_x64.sys
2012-07-27 19:45:55 55360 ----a-w- C:\windows\System32\drivers\amtransv_x64.sys
2012-07-27 19:42:55 32768 ----a-w- C:\windows\SysWow64\AmDriver.dll
2012-07-27 19:42:55 10240 ----a-w- C:\windows\SysWow64\AmDriver.sys
2012-07-27 19:42:55 -------- d-----w- C:\Program Files (x86)\Common Files\Crystal Decisions
2012-07-27 19:42:55 -------- d-----w- C:\Program Files (x86)\AirMagnet Inc
2012-07-27 00:40:05 -------- d-----w- C:\Program Files\CCleaner
2012-07-27 00:37:32 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-07-26 21:35:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-26 16:53:50 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\ChemTable Software
2012-07-26 16:53:38 -------- d-----w- C:\Users\Sean Einy\AppData\Local\ChemTable Software
2012-07-26 09:16:46 98816 ----a-w- C:\windows\sed.exe
2012-07-26 09:16:46 518144 ----a-w- C:\windows\SWREG.exe
2012-07-26 09:16:46 256000 ----a-w- C:\windows\PEV.exe
2012-07-26 09:16:46 208896 ----a-w- C:\windows\MBR.exe
2012-07-25 20:02:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-25 20:01:53 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-25 16:38:47 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\AVG
2012-07-25 16:26:31 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\AVG2012
2012-07-25 16:26:00 -------- d-----w- C:\Users\Sean Einy\AppData\Local\AVG Secure Search
2012-07-25 16:25:56 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-25 16:25:40 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2012-07-25 16:25:32 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-25 16:25:31 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-25 16:24:26 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-07-25 16:22:48 -------- d-----w- C:\$AVG
2012-07-25 16:22:45 -------- d-----w- C:\windows\System32\drivers\AVG
2012-07-25 16:22:45 -------- d-----w- C:\ProgramData\AVG2012
2012-07-25 16:22:02 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-25 16:15:55 -------- d-----w- C:\ProgramData\MFAData
2012-07-25 06:54:43 328704 ----a-w- C:\windows\System32\services.exe.B1C660915A571BB8
2012-07-25 06:48:33 328704 ----a-w- C:\windows\System32\services.exe.3C5A24DFA322C272
2012-07-24 23:38:59 328704 ----a-w- C:\windows\System32\services.exe.F3B2C6CD35486271
2012-07-24 23:33:57 328704 ----a-w- C:\windows\System32\services.exe.EE4CF34302B892BA
2012-07-24 23:28:21 328704 ----a-w- C:\windows\System32\services.exe.3DFC60C61EDA6A0E
2012-07-24 23:23:19 328704 ----a-w- C:\windows\System32\services.exe.0C3A288AC786442A
2012-07-24 23:15:02 328704 ----a-w- C:\windows\System32\services.exe.278084EE499E4A6F
2012-07-24 23:11:38 328704 ----a-w- C:\windows\System32\services.exe.8E412EE286C6E923
2012-07-24 23:07:26 328704 ----a-w- C:\windows\System32\services.exe.00C00CC71CD36C11
2012-07-24 22:23:09 328704 ----a-w- C:\windows\System32\services.exe.AA8CEEF20C649571
2012-07-24 13:38:10 328704 ----a-w- C:\windows\System32\services.exe.7E060A88476F3F0D
2012-07-24 12:44:12 328704 ----a-w- C:\windows\System32\services.exe.5DB49F46C4F0DB74
2012-07-24 12:38:21 50392 ----a-w- C:\windows\System32\drivers\mifdmeeu.sys
2012-07-24 12:38:21 328704 ----a-w- C:\windows\System32\services.exe.B666882A9274B559
2012-07-24 12:31:58 328704 ----a-w- C:\windows\System32\services.exe.82969D036F721C1D
2012-07-24 12:27:31 328704 ----a-w- C:\windows\System32\services.exe.CF2783C7C8517DF6
2012-07-24 12:23:04 328704 ----a-w- C:\windows\System32\services.exe.A1AFC480A711F13E
2012-07-24 12:18:35 328704 ----a-w- C:\windows\System32\services.exe.765953A4D99D696C
2012-07-24 12:14:07 328704 ----a-w- C:\windows\System32\services.exe.D29F243923D4184C
2012-07-24 12:09:39 328704 ----a-w- C:\windows\System32\services.exe.49E7882FB07DBDB3
2012-07-24 12:05:12 328704 ----a-w- C:\windows\System32\services.exe.90EBD0F3E7F47C46
2012-07-24 12:00:43 328704 ----a-w- C:\windows\System32\services.exe.E9544C650E422BB1
2012-07-24 11:56:15 328704 ----a-w- C:\windows\System32\services.exe.52BEBDCB34A96C96
2012-07-24 11:51:48 328704 ----a-w- C:\windows\System32\services.exe.6D8F7EA2066D84E4
2012-07-24 11:47:21 328704 ----a-w- C:\windows\System32\services.exe.8C83BFB1A20EA796
2012-07-24 11:42:55 328704 ----a-w- C:\windows\System32\services.exe.DB3F258B5D8D74DD
2012-07-24 11:38:27 328704 ----a-w- C:\windows\System32\services.exe.4D30ED45578FCF41
2012-07-24 11:33:59 328704 ----a-w- C:\windows\System32\services.exe.68BDF6E96298D3A4
2012-07-24 11:29:31 328704 ----a-w- C:\windows\System32\services.exe.DE6CCA24BED14E16
2012-07-24 11:25:05 328704 ----a-w- C:\windows\System32\services.exe.C5F7E4052E46E15C
2012-07-24 11:20:36 328704 ----a-w- C:\windows\System32\services.exe.FA66D2EE3ED4A51B
2012-07-24 11:16:08 328704 ----a-w- C:\windows\System32\services.exe.EC38F9F26C51B630
2012-07-24 11:11:40 328704 ----a-w- C:\windows\System32\services.exe.BCAC8E557CCCAA03
2012-07-24 11:07:13 328704 ----a-w- C:\windows\System32\services.exe.5B2B810D9B72B6E6
2012-07-24 11:02:44 328704 ----a-w- C:\windows\System32\services.exe.E0EECC3BD39995D5
2012-07-24 10:58:18 328704 ----a-w- C:\windows\System32\services.exe.1AFAB09BBAC9F30C
2012-07-24 10:53:51 328704 ----a-w- C:\windows\System32\services.exe.001FB67C5BB57632
2012-07-24 10:49:24 328704 ----a-w- C:\windows\System32\services.exe.3AD2F00CAB13D8AD
2012-07-24 10:44:57 328704 ----a-w- C:\windows\System32\services.exe.384413642B855C7B
2012-07-24 10:40:28 328704 ----a-w- C:\windows\System32\services.exe.67BF7FD18B81C7F2
2012-07-24 10:36:02 328704 ----a-w- C:\windows\System32\services.exe.4DF39D05238C2AA2
2012-07-24 10:31:36 328704 ----a-w- C:\windows\System32\services.exe.C614805ADC4830A8
2012-07-24 10:27:10 328704 ----a-w- C:\windows\System32\services.exe.D69F9B3FA4C3F29F
2012-07-24 10:22:42 328704 ----a-w- C:\windows\System32\services.exe.F7D1E34CE377ADAB
2012-07-24 10:18:16 328704 ----a-w- C:\windows\System32\services.exe.3665D2D6D495E639
2012-07-24 10:13:50 328704 ----a-w- C:\windows\System32\services.exe.0244F0CFBF6FEA3D
2012-07-24 10:09:25 328704 ----a-w- C:\windows\System32\services.exe.DA715C0A4AE96788
2012-07-24 10:05:00 328704 ----a-w- C:\windows\System32\services.exe.5176CB65919B1855
2012-07-24 10:00:32 328704 ----a-w- C:\windows\System32\services.exe.215EAC911CE1E6E4
2012-07-24 09:56:06 328704 ----a-w- C:\windows\System32\services.exe.485B5E9D40D93757
2012-07-24 09:51:39 328704 ----a-w- C:\windows\System32\services.exe.96B3CB31A0891BBB
2012-07-24 09:47:14 328704 ----a-w- C:\windows\System32\services.exe.20C3419C59BD625F
2012-07-24 09:42:50 328704 ----a-w- C:\windows\System32\services.exe.7F7BF8580A2AF7AF
2012-07-24 09:38:23 328704 ----a-w- C:\windows\System32\services.exe.7D3046F496668E23
2012-07-24 09:33:58 328704 ----a-w- C:\windows\System32\services.exe.3FF59E1186DE1B70
2012-07-24 09:29:34 328704 ----a-w- C:\windows\System32\services.exe.5D0F0A3D518F25A1
2012-07-24 09:25:09 328704 ----a-w- C:\windows\System32\services.exe.BB1074553884DE53
2012-07-24 09:20:44 328704 ----a-w- C:\windows\System32\services.exe.179FF81814754A27
2012-07-24 09:16:19 328704 ----a-w- C:\windows\System32\services.exe.2A5F7CF2FE1AE0BB
2012-07-24 09:11:53 328704 ----a-w- C:\windows\System32\services.exe.95286B40451E3870
2012-07-24 09:07:29 328704 ----a-w- C:\windows\System32\services.exe.8B785E0454D9CC49
2012-07-24 09:03:06 328704 ----a-w- C:\windows\System32\services.exe.B07AEF26E7C98E75
2012-07-24 08:58:40 328704 ----a-w- C:\windows\System32\services.exe.30FAB4A6448D6068
2012-07-24 08:54:17 328704 ----a-w- C:\windows\System32\services.exe.0E7FF45CCE5EF498
2012-07-24 08:49:53 328704 ----a-w- C:\windows\System32\services.exe.6F5155B228DE671A
2012-07-24 08:45:27 328704 ----a-w- C:\windows\System32\services.exe.9AEEDBBE40BF9571
2012-07-24 08:41:02 328704 ----a-w- C:\windows\System32\services.exe.2D26FF4A49614015
2012-07-24 08:36:37 328704 ----a-w- C:\windows\System32\services.exe.B3FA6B9040CB36B3
2012-07-24 08:32:12 328704 ----a-w- C:\windows\System32\services.exe.78E1C027DBCB0B6E
2012-07-24 08:27:48 328704 ----a-w- C:\windows\System32\services.exe.FA1E4537DA0E5140
2012-07-24 08:23:24 328704 ----a-w- C:\windows\System32\services.exe.C5906740732EC9AD
2012-07-24 08:19:00 328704 ----a-w- C:\windows\System32\services.exe.C9AF9F38D04A3678
2012-07-24 08:14:35 328704 ----a-w- C:\windows\System32\services.exe.1F5706EF5137616D
2012-07-24 08:10:11 328704 ----a-w- C:\windows\System32\services.exe.F7A32F0EB8E2FAFB
2012-07-24 08:05:47 328704 ----a-w- C:\windows\System32\services.exe.D64DFE7CCD2D2E23
2012-07-24 08:01:22 328704 ----a-w- C:\windows\System32\services.exe.08F64B268AD9B423
2012-07-24 07:56:57 328704 ----a-w- C:\windows\System32\services.exe.61F3853271E93FF0
2012-07-24 07:52:36 328704 ----a-w- C:\windows\System32\services.exe.3EF5CD7F4C2AFFC6
2012-07-24 07:48:11 328704 ----a-w- C:\windows\System32\services.exe.73A7CCF70FDAE014
2012-07-24 07:43:46 328704 ----a-w- C:\windows\System32\services.exe.30C80689493F1FF0
2012-07-24 07:39:22 328704 ----a-w- C:\windows\System32\services.exe.D3887067EFD4E7D4
2012-07-24 07:34:59 328704 ----a-w- C:\windows\System32\services.exe.408E896A9023D3F6
2012-07-24 07:30:34 328704 ----a-w- C:\windows\System32\services.exe.8E0E9B8687C1DE92
2012-07-24 07:26:11 328704 ----a-w- C:\windows\System32\services.exe.B4E5116ECDE2E04F
2012-07-24 07:21:47 328704 ----a-w- C:\windows\System32\services.exe.CE15D6E2E12855B3
2012-07-24 07:17:22 328704 ----a-w- C:\windows\System32\services.exe.E2A2D03EE9167DC4
2012-07-24 07:12:58 328704 ----a-w- C:\windows\System32\services.exe.E9D29DE26DBB80C1
2012-07-24 07:08:33 328704 ----a-w- C:\windows\System32\services.exe.5578DF69E13FBA52
2012-07-24 07:04:09 328704 ----a-w- C:\windows\System32\services.exe.45760D635C213098
2012-07-24 06:59:46 328704 ----a-w- C:\windows\System32\services.exe.58831F73499A678E
2012-07-24 06:55:49 328704 ----a-w- C:\windows\System32\services.exe.4E80B3360FD464A7
2012-07-24 06:51:49 328704 ----a-w- C:\windows\System32\services.exe.50EC324537552FFC
2012-07-24 06:47:50 328704 ----a-w- C:\windows\System32\services.exe.D81E6275D0E6D164
2012-07-24 06:43:49 328704 ----a-w- C:\windows\System32\services.exe.6A318BBD25477E69
2012-07-24 06:39:50 328704 ----a-w- C:\windows\System32\services.exe.A4BAE1E4993CDFA6
2012-07-24 06:35:49 328704 ----a-w- C:\windows\System32\services.exe.4493B0C6D3704D36
2012-07-24 06:31:49 328704 ----a-w- C:\windows\System32\services.exe.EA26B17588F85E36
2012-07-24 06:27:45 328704 ----a-w- C:\windows\System32\services.exe.4608B6CC9541F9D6
2012-07-24 06:23:00 328704 ----a-w- C:\windows\System32\services.exe.8742B4E2A7140735
2012-07-24 06:10:45 328704 ----a-w- C:\windows\System32\services.exe.FE46CC01255418A1
2012-07-24 06:06:41 328704 ----a-w- C:\windows\System32\services.exe.16A2DA2B8F2528CF
2012-07-23 17:20:08 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\Curiolab
2012-07-23 17:10:19 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2012-07-23 16:57:20 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\GetRightToGo
2012-07-23 16:30:34 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-23 10:17:02 -------- d-----w- C:\Program Files (x86)\ewido anti-malware
2012-07-23 03:01:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-22 23:40:19 -------- d-----w- C:\Program Files\iPod
2012-07-22 23:40:18 -------- d-----w- C:\Program Files\iTunes
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-22 23:32:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-22 23:24:44 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-07-22 23:24:43 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-07-22 19:57:46 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\f-secure
2012-07-22 19:57:37 -------- d-----w- C:\ProgramData\F-Secure
2012-07-22 19:05:58 955888 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-07-22 19:05:58 839152 ----a-w- C:\windows\System32\deployJava1.dll
2012-07-21 18:46:36 -------- d-----w- C:\windows\pss
2012-07-21 16:42:02 -------- d-----w- C:\ProgramData\PrevxCSI
2012-07-21 08:17:38 -------- d-----w- C:\Users\Sean Einy\AppData\Roaming\Malwarebytes
2012-07-21 08:17:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-18 15:22:46 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{DBA9C281-2264-4184-A9A4-19D7B845F9E8}
2012-07-18 15:22:34 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{1842D095-D22D-4510-B0CD-C1E9E260685F}
2012-07-15 21:42:12 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{72733EA5-C2A4-4E86-9F07-D737F7914D16}
2012-07-15 21:41:57 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{11AA586B-B047-4548-ACE9-B074734BE411}
2012-07-15 01:32:51 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{15B67294-1BDE-46EF-A70B-687186A9BB9F}
2012-07-15 01:32:39 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{06C42994-6CAE-42A2-8D01-4030A9C36B9B}
2012-07-15 01:32:25 -------- d-----w- C:\Users\Sean Einy\Tracing
2012-07-15 01:30:10 -------- d-----w- C:\windows\en
2012-07-15 01:24:06 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86930c281cd622801\DSETUP.dll
2012-07-15 01:24:06 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86930c281cd622801\DXSETUP.exe
2012-07-15 01:24:06 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86930c281cd622801\dsetup32.dll
2012-07-15 01:24:06 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86e8bdb21cd622802\MeshBetaRemover.exe
2012-07-15 01:23:33 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{0715E8B1-5250-453C-939C-26EE51D3C16F}
2012-07-15 01:23:21 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{99971E97-A739-45D7-8CF4-2681688E4C02}
2012-07-15 01:23:10 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{EA9793E5-5BB9-447B-87C2-C7465E0D399A}
2012-07-15 01:22:58 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{9B3E6804-B06F-43DB-882F-B44E7CB3B18E}
2012-07-11 10:07:10 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 05:27:29 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-08 01:56:44 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{9561ABDE-0FF0-491D-9716-51EE651F8428}
2012-07-08 01:56:24 -------- d-----w- C:\Users\Sean Einy\AppData\Local\{F04CEB5C-E7B7-4E3A-8F03-445721544307}
.
==================== Find3M ====================
.
2012-07-27 20:18:18 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-07-27 20:18:18 152848 ----a-w- C:\windows\SysWow64\comdlg32.ocx
2012-07-26 21:13:28 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 21:13:28 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 15:42:43 9822920 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-06 05:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
.
============= FINISH: 14:33:59.01 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/25/2011 8:37:21 PM
System Uptime: 7/28/2012 4:03:32 AM (10 hours ago)
.
Motherboard: TOSHIBA | | PHQAA
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 210.423 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP257: 7/25/2012 9:21:42 AM - Installed AVG 2012
RP258: 7/25/2012 9:22:07 AM - Installed AVG 2012
RP259: 7/25/2012 1:00:54 PM - Installed Java™ 7 Update 5
RP260: 7/25/2012 1:01:57 PM - Installed JavaFX 2.1.1
RP261: 7/25/2012 1:20:58 PM - Windows Modules Installer
RP262: 7/26/2012 9:19:11 AM - Windows Modules Installer
RP263: 7/27/2012 12:42:28 PM - Installed AirMagnet Laptop Demo
RP264: 7/27/2012 12:43:26 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP265: 7/27/2012 12:44:31 PM - Installed CR11Dist
RP266: 7/27/2012 12:45:41 PM - Device Driver Package Install: AirMagnet Network Protocol
RP267: 7/27/2012 12:46:26 PM - Installed 3rd Party Decode Installer
RP268: 7/27/2012 1:03:07 PM - Removed 3rd Party Decode Installer
RP269: 7/27/2012 1:07:38 PM - Removed AirMagnet Laptop Demo
RP270: 7/27/2012 1:08:33 PM - Removed Skype Click to Call
RP271: 7/27/2012 2:21:04 PM - Revo Uninstaller's restore point - Absolute Futurity SpeedTestPro Ver 1.0.736
RP272: 7/28/2012 11:57:38 AM - OTL Restore Point - 7/28/2012 11:57:34 AM
.
==== Installed Programs ======================
.
µTorrent
AC3Filter (remove only)
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.3)
AnVir Task Manager Pro
Apple Application Support
Apple Software Update
AVG PC Tuneup
Brother MFL-Pro Suite MFC-7840W
Brother MFL-Pro Suite MFC-8890DW
CameraHelperMsi
Canon RAW Codec
Cisco Connect
CopyTrans Suite Remove Only
Corel WinDVD
Crystal Reports Basic for Visual Studio 2008
Crystal Reports XI Release 2
Crystal Reports XI Release 2 .NET 2005 Server
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Denali
DivX Setup
E-GOV.IL Sign&Verify Software - AGForm toolbar
erLT
ESET Online Scanner v3
Exterminate It!
Facebook Video Calling 1.2.0.159
Financial Dashboard
Free YouTube to MP3 Converter version 3.10.9.908
Garmin City Navigator Europe NT 2011.32 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GoToAssist Expert 1.6.0.330
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HSPA USB MODEM
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
Lightspeed 7.0.235.2 SSL
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Hebrew) 2010
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Hebrew) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Hebrew) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Hebrew) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Language Pack 2010 - Hebrew ?????
Microsoft Office Language Pack 2010 - Italian/Italiano
Microsoft Office O MUI (Hebrew) 2010
Microsoft Office O MUI (Italian) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Hebrew) 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Hebrew) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Hebrew) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Hebrew) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Hebrew) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Hebrew) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Hebrew) 2010
Microsoft Office SharePoint Designer MUI (Italian) 2010
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Hebrew) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Office X MUI (Hebrew) 2010
Microsoft Office X MUI (Italian) 2010
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Primary Interoperability Assemblies 2005
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (CMSDENALI)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C# Step by Step
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiniTool Power Data Recovery
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mytvil
PDF Settings CS5
Picasa 3
PL-2303 USB-to-Serial
PlayReady PC Runtime x86
PxMergeModule
QuickBooks
QuickBooks Enterprise Solutions 9.0
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.94
Sales Dashboard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.10
SupportSoft Assisted Service
The Rosetta Stone
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Utility Common Driver
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2008 x64 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 4:05:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/28/2012 4:04:30 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/28/2012 4:04:30 AM, Error: Service Control Manager [7000] - The vToolbarUpdater12.1.5 service failed to start due to the following error: The system cannot find the file specified.
7/28/2012 4:02:38 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/27/2012 4:47:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
7/27/2012 12:55:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:55:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/27/2012 12:55:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/27/2012 12:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/27/2012 12:52:20 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:51:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/27/2012 12:51:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/27/2012 12:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/27/2012 12:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/27/2012 12:51:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/27/2012 12:51:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/27/2012 12:50:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000046, 0xfffff800036afec8, 0xfffff880023a24a0, 0xfffff880023a2540). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 072712-35833-01.
7/27/2012 12:50:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2012 12:50:18 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 1:02:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/26/2012 9:25:48 AM, Error: Microsoft Antimalware [2001] -
7/26/2012 5:51:45 AM, Error: Service Control Manager [7034] - The vToolbarUpdater12.1.5 service terminated unexpectedly. It has done this 1 time(s).
7/26/2012 2:56:14 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/26/2012 12:31:59 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
7/26/2012 1:22:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Browser service to connect.
7/26/2012 1:22:36 AM, Error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2012 1:22:06 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/26/2012 1:22:04 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/26/2012 1:22:04 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/26/2012 1:21:49 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/26/2012 1:06:45 PM, Error: Application Popup [1060] - \??\C:\windows\SysWow64\drivers\extit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/25/2012 9:27:31 AM, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the device specified.
7/25/2012 8:34:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/25/2012 4:55:11 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
7/25/2012 12:49:18 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\ewido anti-malware\guard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/24/2012 6:41:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/24/2012 5:35:17 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 87
7/24/2012 4:23:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/24/2012 11:18:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000020 (0x0000000000000000, 0x000000000000fffe, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 072412-79373-01.
7/23/2012 3:27:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ewido security suite guard service.
7/23/2012 3:17:06 AM, Error: Service Control Manager [7030] - The ewido security suite guard service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/23/2012 3:17:06 AM, Error: Service Control Manager [7030] - The ewido security suite control service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/23/2012 11:13:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
7/23/2012 11:13:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO MpFilter spldr Wanarpv6
7/23/2012 10:49:26 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
7/23/2012 10:49:26 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
7/23/2012 10:28:45 AM, Error: Service Control Manager [7034] - The ewido security suite control service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 4:38:16 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2012 3:50:13 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/22/2012 12:58:23 PM, Error: Application Popup [1060] - \??\C:\Users\SEANEI~1\AppData\Local\Temp\OnlineScanner\Anti-Vir has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/21/2012 9:08:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
7/21/2012 9:08:25 AM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/21/2012 2:13:33 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2012 2:13:33 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2012 2:13:33 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2012 2:13:33 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
7/21/2012 11:40:41 AM, Error: Service Control Manager [7034] - The CMS License Service service terminated unexpectedly. It has done this 1 time(s).
7/21/2012 11:17:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================


The GMER report comes out blank

#3 HelpBot

  • Bots

Posted 03 August 2012 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462970 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 gringo_pr

  • Malware Response Team

Posted 03 August 2012 - 01:18 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sean1972

  • Topic Starter

Posted 04 August 2012 - 12:52 AM

Hi Gringo

Once again thanks for your help

The computer still has the same symptoms:
1. It plays music/sounds randomly using explorer.exe.
2. Explorer.exe will open a form looking like a website message saying "Thanks" with an "OK" button.
3. Explorer.exe will start multiple TCP connections to multiple IP addresses and domains (not recognized) just before playing the phantom sounds. These connections actually upload and download packets ranging from under 1 KB to tens of KB using ports between 40000 and 60000.
4. Explorer.exe will write multiple tracking cookies just before playing the phantom sounds.
5. Google links are redirected.
6. Internet connection is extremely slow via web browsers (both IE9 and Chrome).

Following you will find logs from the security checkup and ComboFix.

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix 12-08-04.02 - Sean Einy 08/03/2012 21:35:06.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4166 [GMT -7:00]
Running from: c:\users\Sean Einy\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 05:13 . 2012-08-04 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 06:13 . 2012-08-03 16:11 -------- d-----w- c:\program files (x86)\Tansee iPod Transfer
2012-07-27 22:13 . 2012-07-27 22:13 -------- d-----w- c:\programdata\Cisco Systems
2012-07-27 20:18 . 2012-07-27 20:18 67376 ----a-w- c:\windows\SysWow64\SYSINFO.OCX
2012-07-27 20:18 . 2012-07-27 20:18 124688 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2012-07-27 20:18 . 2012-07-27 21:21 -------- d-----w- c:\program files\SpeedTestPro
2012-07-27 20:17 . 2012-07-27 20:17 -------- d-----w- c:\program files (x86)\AF Uninstalls
2012-07-27 19:45 . 2011-09-14 21:29 21568 ----a-w- c:\windows\system32\amdriver_x64.sys
2012-07-27 19:45 . 2011-09-14 21:29 55360 ----a-w- c:\windows\system32\drivers\amtransv_x64.sys
2012-07-27 19:42 . 2012-07-27 19:42 -------- d-----w- c:\program files (x86)\Common Files\Crystal Decisions
2012-07-27 19:42 . 2012-07-27 19:42 -------- d-----w- c:\program files (x86)\AirMagnet Inc
2012-07-27 19:42 . 2011-09-14 21:26 32768 ----a-w- c:\windows\SysWow64\AmDriver.dll
2012-07-27 19:42 . 2011-07-08 21:28 10240 ----a-w- c:\windows\SysWow64\AmDriver.sys
2012-07-27 00:40 . 2012-07-27 00:40 -------- d-----w- c:\program files\CCleaner
2012-07-27 00:37 . 2012-07-27 00:37 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-07-26 21:35 . 2012-07-26 21:35 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-26 16:53 . 2012-07-26 16:53 -------- d-----w- c:\users\Sean Einy\AppData\Roaming\ChemTable Software
2012-07-26 16:53 . 2012-07-26 16:53 -------- d-----w- c:\users\Sean Einy\AppData\Local\ChemTable Software
2012-07-25 20:02 . 2012-07-25 20:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-25 20:02 . 2012-07-25 20:02 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 20:01 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-25 20:00 . 2012-07-25 20:00 -------- d-----w- c:\programdata\McAfee
2012-07-25 16:38 . 2012-07-25 16:40 -------- d-----w- c:\users\Sean Einy\AppData\Roaming\AVG
2012-07-25 16:26 . 2012-07-25 16:26 -------- d-----w- c:\users\Sean Einy\AppData\Local\AVG Secure Search
2012-07-25 16:25 . 2012-07-25 16:27 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-25 16:25 . 2012-07-25 16:25 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-25 16:25 . 2012-07-26 12:52 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-25 16:25 . 2012-07-25 16:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-25 16:24 . 2012-07-25 16:24 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-25 16:22 . 2012-07-25 16:22 -------- d-----w- C:\$AVG
2012-07-25 16:22 . 2012-08-04 01:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 16:22 . 2012-07-25 16:34 -------- d-----w- c:\programdata\AVG2012
2012-07-25 16:22 . 2012-07-25 16:37 -------- d-----w- c:\program files (x86)\AVG
2012-07-25 16:15 . 2012-08-04 01:56 -------- d-----w- c:\programdata\MFAData
2012-07-25 06:54 . 2012-07-25 06:54 328704 ----a-w- c:\windows\system32\services.exe.B1C660915A571BB8
2012-07-25 06:48 . 2012-07-25 06:48 328704 ----a-w- c:\windows\system32\services.exe.3C5A24DFA322C272
2012-07-24 23:38 . 2012-07-24 23:38 328704 ----a-w- c:\windows\system32\services.exe.F3B2C6CD35486271
2012-07-24 23:33 . 2012-07-24 23:33 328704 ----a-w- c:\windows\system32\services.exe.EE4CF34302B892BA
2012-07-24 23:28 . 2012-07-24 23:28 328704 ----a-w- c:\windows\system32\services.exe.3DFC60C61EDA6A0E
2012-07-24 23:23 . 2012-07-24 23:23 328704 ----a-w- c:\windows\system32\services.exe.0C3A288AC786442A
2012-07-24 23:15 . 2012-07-24 23:15 328704 ----a-w- c:\windows\system32\services.exe.278084EE499E4A6F
2012-07-24 23:11 . 2012-07-24 23:11 328704 ----a-w- c:\windows\system32\services.exe.8E412EE286C6E923
2012-07-24 23:07 . 2012-07-24 23:07 328704 ----a-w- c:\windows\system32\services.exe.00C00CC71CD36C11
2012-07-24 22:23 . 2012-07-24 22:23 328704 ----a-w- c:\windows\system32\services.exe.AA8CEEF20C649571
2012-07-24 13:38 . 2012-07-24 13:38 328704 ----a-w- c:\windows\system32\services.exe.7E060A88476F3F0D
2012-07-24 12:44 . 2012-07-24 12:44 328704 ----a-w- c:\windows\system32\services.exe.5DB49F46C4F0DB74
2012-07-24 12:38 . 2012-07-24 12:38 50392 ----a-w- c:\windows\system32\drivers\mifdmeeu.sys
2012-07-24 12:38 . 2012-07-24 12:38 328704 ----a-w- c:\windows\system32\services.exe.B666882A9274B559
2012-07-24 12:31 . 2012-07-24 12:31 328704 ----a-w- c:\windows\system32\services.exe.82969D036F721C1D
2012-07-24 12:27 . 2012-07-24 12:27 328704 ----a-w- c:\windows\system32\services.exe.CF2783C7C8517DF6
2012-07-24 12:23 . 2012-07-24 12:23 328704 ----a-w- c:\windows\system32\services.exe.A1AFC480A711F13E
2012-07-24 12:18 . 2012-07-24 12:18 328704 ----a-w- c:\windows\system32\services.exe.765953A4D99D696C
2012-07-24 12:14 . 2012-07-24 12:14 328704 ----a-w- c:\windows\system32\services.exe.D29F243923D4184C
2012-07-24 12:09 . 2012-07-24 12:09 328704 ----a-w- c:\windows\system32\services.exe.49E7882FB07DBDB3
2012-07-24 12:05 . 2012-07-24 12:05 328704 ----a-w- c:\windows\system32\services.exe.90EBD0F3E7F47C46
2012-07-24 12:00 . 2012-07-24 12:00 328704 ----a-w- c:\windows\system32\services.exe.E9544C650E422BB1
2012-07-24 11:56 . 2012-07-24 11:56 328704 ----a-w- c:\windows\system32\services.exe.52BEBDCB34A96C96
2012-07-24 11:51 . 2012-07-24 11:51 328704 ----a-w- c:\windows\system32\services.exe.6D8F7EA2066D84E4
2012-07-24 11:47 . 2012-07-24 11:47 328704 ----a-w- c:\windows\system32\services.exe.8C83BFB1A20EA796
2012-07-24 11:42 . 2012-07-24 11:42 328704 ----a-w- c:\windows\system32\services.exe.DB3F258B5D8D74DD
2012-07-24 11:38 . 2012-07-24 11:38 328704 ----a-w- c:\windows\system32\services.exe.4D30ED45578FCF41
2012-07-24 11:33 . 2012-07-24 11:33 328704 ----a-w- c:\windows\system32\services.exe.68BDF6E96298D3A4
2012-07-24 11:29 . 2012-07-24 11:29 328704 ----a-w- c:\windows\system32\services.exe.DE6CCA24BED14E16
2012-07-24 11:25 . 2012-07-24 11:25 328704 ----a-w- c:\windows\system32\services.exe.C5F7E4052E46E15C
2012-07-24 11:20 . 2012-07-24 11:20 328704 ----a-w- c:\windows\system32\services.exe.FA66D2EE3ED4A51B
2012-07-24 11:16 . 2012-07-24 11:16 328704 ----a-w- c:\windows\system32\services.exe.EC38F9F26C51B630
2012-07-24 11:11 . 2012-07-24 11:11 328704 ----a-w- c:\windows\system32\services.exe.BCAC8E557CCCAA03
2012-07-24 11:07 . 2012-07-24 11:07 328704 ----a-w- c:\windows\system32\services.exe.5B2B810D9B72B6E6
2012-07-24 11:02 . 2012-07-24 11:02 328704 ----a-w- c:\windows\system32\services.exe.E0EECC3BD39995D5
2012-07-24 10:58 . 2012-07-24 10:58 328704 ----a-w- c:\windows\system32\services.exe.1AFAB09BBAC9F30C
2012-07-24 10:53 . 2012-07-24 10:53 328704 ----a-w- c:\windows\system32\services.exe.001FB67C5BB57632
2012-07-24 10:49 . 2012-07-24 10:49 328704 ----a-w- c:\windows\system32\services.exe.3AD2F00CAB13D8AD
2012-07-24 10:44 . 2012-07-24 10:44 328704 ----a-w- c:\windows\system32\services.exe.384413642B855C7B
2012-07-24 10:40 . 2012-07-24 10:40 328704 ----a-w- c:\windows\system32\services.exe.67BF7FD18B81C7F2
2012-07-24 10:36 . 2012-07-24 10:36 328704 ----a-w- c:\windows\system32\services.exe.4DF39D05238C2AA2
2012-07-24 10:31 . 2012-07-24 10:31 328704 ----a-w- c:\windows\system32\services.exe.C614805ADC4830A8
2012-07-24 10:27 . 2012-07-24 10:27 328704 ----a-w- c:\windows\system32\services.exe.D69F9B3FA4C3F29F
2012-07-24 10:22 . 2012-07-24 10:22 328704 ----a-w- c:\windows\system32\services.exe.F7D1E34CE377ADAB
2012-07-24 10:18 . 2012-07-24 10:18 328704 ----a-w- c:\windows\system32\services.exe.3665D2D6D495E639
2012-07-24 10:13 . 2012-07-24 10:13 328704 ----a-w- c:\windows\system32\services.exe.0244F0CFBF6FEA3D
2012-07-24 10:09 . 2012-07-24 10:09 328704 ----a-w- c:\windows\system32\services.exe.DA715C0A4AE96788
2012-07-24 10:05 . 2012-07-24 10:05 328704 ----a-w- c:\windows\system32\services.exe.5176CB65919B1855
2012-07-24 10:00 . 2012-07-24 10:00 328704 ----a-w- c:\windows\system32\services.exe.215EAC911CE1E6E4
2012-07-24 09:56 . 2012-07-24 09:56 328704 ----a-w- c:\windows\system32\services.exe.485B5E9D40D93757
2012-07-24 09:51 . 2012-07-24 09:51 328704 ----a-w- c:\windows\system32\services.exe.96B3CB31A0891BBB
2012-07-24 09:47 . 2012-07-24 09:47 328704 ----a-w- c:\windows\system32\services.exe.20C3419C59BD625F
2012-07-24 09:42 . 2012-07-24 09:42 328704 ----a-w- c:\windows\system32\services.exe.7F7BF8580A2AF7AF
2012-07-24 09:38 . 2012-07-24 09:38 328704 ----a-w- c:\windows\system32\services.exe.7D3046F496668E23
2012-07-24 09:33 . 2012-07-24 09:33 328704 ----a-w- c:\windows\system32\services.exe.3FF59E1186DE1B70
2012-07-24 09:29 . 2012-07-24 09:29 328704 ----a-w- c:\windows\system32\services.exe.5D0F0A3D518F25A1
2012-07-24 09:25 . 2012-07-24 09:25 328704 ----a-w- c:\windows\system32\services.exe.BB1074553884DE53
2012-07-24 09:20 . 2012-07-24 09:20 328704 ----a-w- c:\windows\system32\services.exe.179FF81814754A27
2012-07-24 09:16 . 2012-07-24 09:16 328704 ----a-w- c:\windows\system32\services.exe.2A5F7CF2FE1AE0BB
2012-07-24 09:11 . 2012-07-24 09:11 328704 ----a-w- c:\windows\system32\services.exe.95286B40451E3870
2012-07-24 09:07 . 2012-07-24 09:07 328704 ----a-w- c:\windows\system32\services.exe.8B785E0454D9CC49
2012-07-24 09:03 . 2012-07-24 09:03 328704 ----a-w- c:\windows\system32\services.exe.B07AEF26E7C98E75
2012-07-24 08:58 . 2012-07-24 08:58 328704 ----a-w- c:\windows\system32\services.exe.30FAB4A6448D6068
2012-07-24 08:54 . 2012-07-24 08:54 328704 ----a-w- c:\windows\system32\services.exe.0E7FF45CCE5EF498
2012-07-24 08:49 . 2012-07-24 08:49 328704 ----a-w- c:\windows\system32\services.exe.6F5155B228DE671A
2012-07-24 08:45 . 2012-07-24 08:45 328704 ----a-w- c:\windows\system32\services.exe.9AEEDBBE40BF9571
2012-07-24 08:41 . 2012-07-24 08:41 328704 ----a-w- c:\windows\system32\services.exe.2D26FF4A49614015
2012-07-24 08:36 . 2012-07-24 08:36 328704 ----a-w- c:\windows\system32\services.exe.B3FA6B9040CB36B3
2012-07-24 08:32 . 2012-07-24 08:32 328704 ----a-w- c:\windows\system32\services.exe.78E1C027DBCB0B6E
2012-07-24 08:27 . 2012-07-24 08:27 328704 ----a-w- c:\windows\system32\services.exe.FA1E4537DA0E5140
2012-07-24 08:23 . 2012-07-24 08:23 328704 ----a-w- c:\windows\system32\services.exe.C5906740732EC9AD
2012-07-24 08:19 . 2012-07-24 08:19 328704 ----a-w- c:\windows\system32\services.exe.C9AF9F38D04A3678
2012-07-24 08:14 . 2012-07-24 08:14 328704 ----a-w- c:\windows\system32\services.exe.1F5706EF5137616D
2012-07-24 08:10 . 2012-07-24 08:10 328704 ----a-w- c:\windows\system32\services.exe.F7A32F0EB8E2FAFB
2012-07-24 08:05 . 2012-07-24 08:05 328704 ----a-w- c:\windows\system32\services.exe.D64DFE7CCD2D2E23
2012-07-24 08:01 . 2012-07-24 08:01 328704 ----a-w- c:\windows\system32\services.exe.08F64B268AD9B423
2012-07-24 07:56 . 2012-07-24 07:56 328704 ----a-w- c:\windows\system32\services.exe.61F3853271E93FF0
2012-07-24 07:52 . 2012-07-24 07:52 328704 ----a-w- c:\windows\system32\services.exe.3EF5CD7F4C2AFFC6
2012-07-24 07:48 . 2012-07-24 07:48 328704 ----a-w- c:\windows\system32\services.exe.73A7CCF70FDAE014
2012-07-24 07:43 . 2012-07-24 07:43 328704 ----a-w- c:\windows\system32\services.exe.30C80689493F1FF0
2012-07-24 07:39 . 2012-07-24 07:39 328704 ----a-w- c:\windows\system32\services.exe.D3887067EFD4E7D4
2012-07-24 07:34 . 2012-07-24 07:34 328704 ----a-w- c:\windows\system32\services.exe.408E896A9023D3F6
2012-07-24 07:30 . 2012-07-24 07:30 328704 ----a-w- c:\windows\system32\services.exe.8E0E9B8687C1DE92
2012-07-24 07:26 . 2012-07-24 07:26 328704 ----a-w- c:\windows\system32\services.exe.B4E5116ECDE2E04F
2012-07-24 07:21 . 2012-07-24 07:21 328704 ----a-w- c:\windows\system32\services.exe.CE15D6E2E12855B3
2012-07-24 07:17 . 2012-07-24 07:17 328704 ----a-w- c:\windows\system32\services.exe.E2A2D03EE9167DC4
2012-07-24 07:12 . 2012-07-24 07:12 328704 ----a-w- c:\windows\system32\services.exe.E9D29DE26DBB80C1
2012-07-24 07:08 . 2012-07-24 07:08 328704 ----a-w- c:\windows\system32\services.exe.5578DF69E13FBA52
2012-07-24 07:04 . 2012-07-24 07:04 328704 ----a-w- c:\windows\system32\services.exe.45760D635C213098
2012-07-24 06:59 . 2012-07-24 06:59 328704 ----a-w- c:\windows\system32\services.exe.58831F73499A678E
2012-07-24 06:55 . 2012-07-24 06:55 328704 ----a-w- c:\windows\system32\services.exe.4E80B3360FD464A7
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 20:18 . 2000-05-23 00:58 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-07-27 20:18 . 1999-06-23 00:36 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2012-07-26 21:13 . 2012-04-03 20:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 21:13 . 2011-05-25 02:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 15:42 . 2012-05-21 21:52 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 10:03 . 2011-04-26 04:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 05:06 . 2011-10-23 09:25 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 07:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 07:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 07:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 08:25 . 2012-05-18 08:25 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-28_12.38.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-29 00:57 . 2012-07-29 17:34 68276 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 05:20 45418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-26 03:39 . 2012-08-04 02:15 19096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-266775593-2276910581-870900397-1000_UserData.bin
- 2009-07-14 05:30 . 2012-07-27 19:45 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-08-03 05:50 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-03-13 21:56 . 2012-07-27 23:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-13 21:56 . 2012-08-04 02:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-13 21:56 . 2012-08-04 02:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-13 21:56 . 2012-07-27 23:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 23:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 02:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-02 23:44 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-14 14:25 . 2012-08-03 17:15 5388 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-14 14:25 . 2012-07-27 01:38 5388 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-04 00:15 . 2012-08-04 00:15 9560 c:\windows\system32\NetworkList\Icons\{F535CE84-0FDE-4C19-A9BC-697F47C9086B}_48.bin
+ 2012-08-04 00:15 . 2012-08-04 00:15 4280 c:\windows\system32\NetworkList\Icons\{F535CE84-0FDE-4C19-A9BC-697F47C9086B}_32.bin
+ 2012-08-04 00:15 . 2012-08-04 00:15 2456 c:\windows\system32\NetworkList\Icons\{F535CE84-0FDE-4C19-A9BC-697F47C9086B}_24.bin
+ 2012-07-31 22:59 . 2012-07-31 22:59 9560 c:\windows\system32\NetworkList\Icons\{7F973E13-3D1A-4652-9A5E-4C364B612BFB}_48.bin
+ 2012-07-31 22:59 . 2012-07-31 22:59 4280 c:\windows\system32\NetworkList\Icons\{7F973E13-3D1A-4652-9A5E-4C364B612BFB}_32.bin
+ 2012-07-31 22:59 . 2012-07-31 22:59 2456 c:\windows\system32\NetworkList\Icons\{7F973E13-3D1A-4652-9A5E-4C364B612BFB}_24.bin
- 2012-07-28 11:04 . 2012-07-28 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 05:15 . 2012-08-04 05:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 05:15 . 2012-08-04 05:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-28 11:04 . 2012-07-28 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 16:30 . 2012-07-28 01:55 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-23 16:30 . 2012-08-03 17:55 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-26 14:52 . 2012-08-04 04:04 404526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-28 11:09 721362 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 02:17 721362 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 02:17 143454 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-28 11:09 143454 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-08-03 05:50 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-27 19:45 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-27 19:45 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-08-03 05:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-08-04 05:14 523448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-28 01:55 2162688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 17:55 2162688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-28 01:55 9043968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 17:55 9043968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-07-28 21:42 5041976 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-27 21:14 . 2012-08-04 05:14 7285104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-266775593-2276910581-870900397-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-25 16:25 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8fe28f46-37ad-47b2-8258-34c128636ace}"= "mscoree.dll" [2010-11-05 297808]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-25 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{8fe28f46-37ad-47b2-8258-34c128636ace}]
[HKEY_CLASSES_ROOT\Agat.AGForms.Toolbar.AGFormsToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-25 1147488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Sean Einy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vfkwonqv;vfkwonqv;c:\windows\system32\drivers\vfkwonqv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2010-06-17 119680]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R4 CMSLicenseService;CMS License Service;c:\program files (x86)\Cougar Mountain Software\Denali\CMSLicenseService.exe [2011-12-22 179712]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-21 1030600]
R4 gupdate;????? ????? Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
R4 gupdatem;????? ????? Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-12-18 482384]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-25 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MSSQL$CMSDENALI;SQL Server (CMSDENALI);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-28 7821312]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-24 42392]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:13]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
- c:\users\Sean Einy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 20:54]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
- c:\users\Sean Einy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 20:54]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 19:31]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22 19:31]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
- c:\users\Sean Einy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 06:31]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
- c:\users\Sean Einy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 06:31]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?PC=BNHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: freestockcharts.com\www
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
DPF: {3F932FFA-F092-4FDB-92C5-1285978614D2} - hxxp://99.66.30.201/WATCH_16R.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c3,33,5e,7b,6f,ab,51,e3,ec,54,02,f6,e8,cc,24,bd,2e,b8,86,9b,2a,
f6,94,bf,00,cd,41,27,11,a4,2a,f0,da,65,c3,d3,be,cb,57,e8,50,ea,4c,10,69,c6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c3,33,5e,7b,6f,ab,51,e3,ec,54,02,f6,e8,cc,24,bd,2e,b8,86,9b,2a,
f6,94,bf,00,cd,41,27,11,a4,2a,f0,da,65,c3,d3,be,cb,57,e8,50,ea,4c,10,69,c6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files (x86)\AnVir Task Manager Pro\anvir.exe
.
**************************************************************************
.
Completion time: 2012-08-03 22:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 05:42
ComboFix2.txt 2012-07-27 02:04
ComboFix3.txt 2012-07-26 10:38
.
Pre-Run: 232,283,648,000 bytes free
Post-Run: 232,268,300,288 bytes free
.
- - End Of File - - 2D8325C6AE7EBB60E5684FE7412D5726

#6 gringo_pr

Posted 04 August 2012 - 12:54 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#7 sean1972

Posted 04 August 2012 - 01:59 AM

Hi Gringo

I tried booting the computer in System Recovery but it halts at loading files. I tried 3 times, waiting anywhere from 30 min to 5 min.

I do not have a Windows installation DVD (it's a laptop that didn't come with an installation DVD for Windows).

Thanks

Sean

#8 gringo_pr

Posted 04 August 2012 - 04:03 AM

Greetings

I would like you to go here to see how to make a disk that will allow you to enter the recovery environment:

http://www.howtogeek.com/howto/5409/create-a-system-repair-disc-in-windows-7/


gringo

#9 sean1972

Posted 04 August 2012 - 04:53 AM

Thanks again

Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 04-08-2012 02:27:18
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-07-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Sean Einy\...\Policies\system: [DisableLockWorkstation] 0
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Sean Einy\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
4 CMSLicenseService; "C:\Program Files (x86)\Cougar Mountain Software\Denali\CMSLicenseService.exe" [179712 2011-12-22] (Cougar Mountain Software)
4 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [110736 2010-05-20] (InterVideo)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MSSQL$CMSDENALI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sCMSDENALI [29293408 2010-12-10] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-07] (Microsoft Corporation)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
4 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [31080 2012-07-25] (AVG Technologies)
3 jrdusbser; C:\Windows\System32\Drivers\jrdusbser.sys [119680 2010-06-17] (TCT International Mobile Ltd)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [x]
1 vfkwonqv; \??\C:\windows\system32\drivers\vfkwonqv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 02:24 - 2012-08-04 02:24 - 00000000 ____D C:\FRST
2012-08-03 21:59 - 2012-08-03 21:59 - 01438425 ____A (Farbar) C:\Users\Sean Einy\Desktop\FRST64.exe
2012-08-03 21:43 - 2012-08-03 21:43 - 00038971 ____A C:\Users\Sean Einy\Desktop\ComboFix8-3-12.txt
2012-08-03 21:43 - 2012-08-03 21:43 - 00038971 ____A C:\ComboFix.txt
2012-08-03 20:29 - 2012-08-03 21:44 - 00000000 ____D C:\ComboFix
2012-08-03 20:22 - 2012-08-03 20:22 - 00000961 ____A C:\Users\Sean Einy\Desktop\checkup.txt
2012-08-03 20:07 - 2012-08-03 20:07 - 00881494 ____A C:\Users\Sean Einy\Desktop\SecurityCheck.exe
2012-08-02 22:13 - 2012-08-03 08:11 - 00000000 ____D C:\Program Files (x86)\Tansee iPod Transfer
2012-08-01 00:15 - 2012-08-03 21:15 - 00001124 ____A C:\Windows\PFRO.log
2012-07-31 21:40 - 2012-07-31 21:40 - 00000024 ____A C:\Users\Sean Einy\AppData\Local\73648-88365-27475-00IP7-22847
2012-07-31 21:28 - 2012-07-31 21:28 - 00000000 ____D C:\Users\Sean Einy\Downloads\iPod Copy (7.49) - Windows. TheNumberOne
2012-07-31 21:15 - 2012-07-31 21:15 - 03035797 ____A (iCopyExpert.com ) C:\Users\Sean Einy\Downloads\icopyexpert_setup.exe
2012-07-31 15:13 - 2012-07-31 15:13 - 00266240 ____A C:\Users\Sean Einy\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-07-30 15:51 - 2012-07-30 18:54 - 1070445163 ____A C:\Users\Sean Einy\Downloads\Breaking.Bad.S05E03.720p.HDTV.x264-EVOLVE.mkv
2012-07-30 15:50 - 2012-07-30 15:51 - 00000000 ____D C:\Users\Sean Einy\Downloads\Breaking.Bad.S05E02.720p.HDTV.x264-ORENJI [PublicHD]
2012-07-29 11:23 - 2012-07-29 11:23 - 00000000 ____D C:\Users\Sean Einy\Desktop\XS
2012-07-29 11:23 - 2012-07-29 11:23 - 00000000 ____D C:\Users\Sean Einy\Desktop\Dang
2012-07-29 09:29 - 2012-07-29 09:29 - 00016909 ____A C:\Users\Sean Einy\Desktop\AnvirHijackThisPro.txt.txt
2012-07-28 13:36 - 2012-07-28 13:36 - 00029145 ____A C:\Users\Sean Einy\Desktop\Attach.txt
2012-07-28 13:35 - 2012-07-28 13:35 - 00039196 ____A C:\Users\Sean Einy\Desktop\DDS.txt
2012-07-28 13:23 - 2012-07-28 13:22 - 00607260 ____R (Swearware) C:\Users\Sean Einy\Desktop\dds.exe
2012-07-28 12:52 - 2012-07-28 12:52 - 00000480 ____A C:\Users\Sean Einy\Desktop\defogger_disable.log
2012-07-28 12:52 - 2012-07-28 12:52 - 00000000 ____A C:\Users\Sean Einy\defogger_reenable
2012-07-28 12:51 - 2012-07-28 12:51 - 00050477 ____A C:\Users\Sean Einy\Desktop\Defogger.exe
2012-07-28 11:05 - 2012-07-28 11:05 - 00118246 ____A C:\Users\Sean Einy\Desktop\Extras.Txt
2012-07-28 11:04 - 2012-07-28 11:04 - 00177278 ____A C:\Users\Sean Einy\Desktop\OTL.Txt
2012-07-28 09:44 - 2012-07-28 09:44 - 00302592 ____A C:\Users\Sean Einy\Desktop\vjburg8t.exe
2012-07-28 09:42 - 2012-07-28 09:42 - 00597504 ____A (OldTimer Tools) C:\Users\Sean Einy\Desktop\OTL.exe
2012-07-28 07:52 - 2012-07-28 07:52 - 00013351 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections8.htm
2012-07-28 07:49 - 2012-07-28 07:49 - 00005012 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections7.htm
2012-07-28 07:46 - 2012-07-28 07:47 - 00004204 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections6.htm
2012-07-28 07:36 - 2012-08-03 22:53 - 00006276 ____A C:\Windows\setupact.log
2012-07-28 07:36 - 2012-07-28 07:36 - 00000000 ____A C:\Windows\setuperr.log
2012-07-28 05:00 - 2012-07-28 05:00 - 00041822 ____A C:\Users\Sean Einy\Desktop\ComboFix.txt
2012-07-27 14:13 - 2012-07-27 14:13 - 00000000 ____D C:\Users\All Users\Cisco Systems
2012-07-27 13:57 - 2012-07-27 13:58 - 00000000 ____D C:\Users\Sean Einy\Downloads\CopyTrans Suite 4 WinXP-Vista-Win7-x86-x64 {Activated} {blaze69}
2012-07-27 13:53 - 2012-07-27 13:53 - 00000000 ____D C:\Users\Sean Einy\Downloads\Touch Copy 3.07
2012-07-27 12:18 - 2012-07-27 13:21 - 00000000 ____D C:\Program Files\SpeedTestPro
2012-07-27 12:18 - 2012-07-27 12:18 - 00124688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
2012-07-27 12:18 - 2012-07-27 12:18 - 00067376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SYSINFO.OCX
2012-07-27 12:17 - 2012-07-27 12:17 - 00000000 ____D C:\Program Files (x86)\AF Uninstalls
2012-07-27 12:16 - 2012-07-27 12:16 - 05238170 ____A C:\Users\Sean Einy\Downloads\SpeedTest.exe
2012-07-27 11:45 - 2011-09-14 13:29 - 00055360 ____A (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\amtransv_x64.sys
2012-07-27 11:45 - 2011-09-14 13:29 - 00021568 ____A ( Fluke Networks Inc.) C:\Windows\System32\amdriver_x64.sys
2012-07-27 11:42 - 2012-07-27 11:42 - 00000000 ____D C:\Program Files (x86)\AirMagnet Inc
2012-07-27 11:42 - 2011-09-14 13:26 - 00032768 ____A (AirMagnet) C:\Windows\SysWOW64\AmDriver.dll
2012-07-27 11:42 - 2011-07-08 13:28 - 00010240 ____A ( Fluke Networks Inc.) C:\Windows\SysWOW64\AmDriver.sys
2012-07-27 11:36 - 2012-07-27 11:41 - 186291464 ____A (AirMagnet Inc. ) C:\Users\Sean Einy\Downloads\AirMagnet_WiFi_DemoInstaller.exe
2012-07-26 19:27 - 2012-07-26 19:27 - 00002336 ____A C:\Users\Sean Einy\Documents\AnVir_Connections5.htm
2012-07-26 19:12 - 2012-07-26 19:12 - 00025677 ____A C:\Users\Sean Einy\Documents\AnVir_Connections4.htm
2012-07-26 18:53 - 2012-07-26 18:53 - 00013224 ____A C:\Users\Sean Einy\Documents\AnVir_Connections3.htm
2012-07-26 16:50 - 2012-08-03 20:27 - 04724408 ____R (Swearware) C:\Users\Sean Einy\Desktop\ComboFix.exe
2012-07-26 16:40 - 2012-07-29 19:22 - 00000998 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-26 16:40 - 2012-07-26 16:40 - 00000000 ____D C:\Program Files\CCleaner
2012-07-26 16:37 - 2012-07-26 16:37 - 00001275 ____A C:\Users\Sean Einy\Desktop\Revo Uninstaller.lnk
2012-07-26 16:37 - 2012-07-26 16:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-07-26 16:25 - 2012-07-26 16:25 - 03907920 ____A (Piriform Ltd) C:\Users\Sean Einy\Downloads\ccsetup321.exe
2012-07-26 16:21 - 2012-07-26 16:21 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Sean Einy\Downloads\revosetup.exe
2012-07-26 15:38 - 2012-07-26 15:38 - 00016233 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections1.htm
2012-07-26 15:11 - 2012-07-26 15:11 - 00011433 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections.htm
2012-07-26 13:35 - 2012-07-26 13:35 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-26 13:25 - 2012-07-26 13:33 - 141573488 ____A C:\Users\Sean Einy\Downloads\setup_11.0.0.1245.x01_2012_07_26_23_02.exe
2012-07-26 08:53 - 2012-07-26 08:53 - 00001097 ____A C:\Users\Sean Einy\Desktop\AnVir Task Manager Pro.lnk
2012-07-26 08:53 - 2012-07-26 08:53 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\ChemTable Software
2012-07-26 08:53 - 2012-07-26 08:53 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\ChemTable Software
2012-07-26 08:51 - 2012-07-26 08:51 - 07669480 ____A C:\Users\Sean Einy\Downloads\taskpro.exe
2012-07-26 08:37 - 2012-07-26 08:37 - 01105024 ____A C:\Users\Sean Einy\Downloads\Anvir-task-manager-pro_6.3_downloader.exe
2012-07-26 01:16 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-26 01:16 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-26 01:16 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-26 01:16 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-26 01:16 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-26 01:16 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-26 01:16 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-26 01:16 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-26 01:11 - 2012-08-03 21:44 - 00000000 ____D C:\Qoobox
2012-07-26 01:08 - 2012-07-26 01:08 - 04719627 ____R (Swearware) C:\Users\Sean Einy\Downloads\ComboFix.exe
2012-07-25 19:01 - 2012-07-25 19:01 - 04731392 ____A (AVAST Software) C:\Users\Sean Einy\Downloads\aswMBR (1).exe
2012-07-25 18:59 - 2012-07-25 19:00 - 04731392 ____A (AVAST Software) C:\Users\Sean Einy\Downloads\aswMBR.exe
2012-07-25 12:02 - 2012-07-25 12:02 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-25 12:01 - 2012-07-25 12:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-25 12:01 - 2012-07-25 12:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-25 12:01 - 2012-07-05 21:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-25 12:01 - 2012-07-05 21:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-25 12:00 - 2012-07-25 12:00 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-25 11:58 - 2012-07-25 11:59 - 00893936 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\chromeinstall-7u5.exe
2012-07-25 10:44 - 2012-07-25 10:44 - 00138120 ____A (ESET) C:\Users\Sean Einy\Downloads\ESETSirefefRemover.exe
2012-07-25 10:44 - 2012-07-25 10:44 - 00000000 ____A C:\Users\Sean Einy\Downloads\ServicesRepair.exe.rl4wsue.partial
2012-07-25 08:38 - 2012-07-25 08:40 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\AVG
2012-07-25 08:37 - 2012-07-25 08:37 - 08351040 ____A (AVG ) C:\Users\Sean Einy\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-07-25 08:35 - 2012-07-25 08:35 - 00027520 ____A C:\Users\Sean Einy\AppData\Local\dt.dat
2012-07-25 08:26 - 2012-07-25 08:26 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 08:26 - 2012-07-25 08:26 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\AVG2012
2012-07-25 08:26 - 2012-07-25 08:26 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\AVG Secure Search
2012-07-25 08:25 - 2012-07-25 08:27 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-25 08:25 - 2012-07-25 08:25 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-25 08:25 - 2012-07-25 08:25 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-07-25 08:24 - 2012-07-25 08:24 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-25 08:22 - 2012-08-03 17:55 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-25 08:22 - 2012-07-25 08:37 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-25 08:22 - 2012-07-25 08:34 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-25 08:22 - 2012-07-25 08:22 - 00000000 ____D C:\$AVG
2012-07-25 08:15 - 2012-08-03 17:56 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-25 08:15 - 2012-07-25 08:15 - 03879800 ____A (AVG Technologies) C:\Users\Sean Einy\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-24 22:54 - 2012-07-24 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1C660915A571BB8
2012-07-24 22:49 - 2012-07-24 22:49 - 13806733 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\jre-7u5-windows-x64 (1).exe.74nhx2n.partial
2012-07-24 22:48 - 2012-07-24 22:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C5A24DFA322C272
2012-07-24 15:38 - 2012-07-24 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3B2C6CD35486271
2012-07-24 15:33 - 2012-07-24 15:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE4CF34302B892BA
2012-07-24 15:28 - 2012-07-24 15:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DFC60C61EDA6A0E
2012-07-24 15:23 - 2012-07-24 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C3A288AC786442A
2012-07-24 15:15 - 2012-07-24 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.278084EE499E4A6F
2012-07-24 15:11 - 2012-07-24 15:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E412EE286C6E923
2012-07-24 15:07 - 2012-07-24 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00C00CC71CD36C11
2012-07-24 14:43 - 2012-07-24 14:43 - 00000165 ___AH C:\Users\Sean Einy\Desktop\~$party app econ model.xlsx
2012-07-24 14:23 - 2012-07-24 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA8CEEF20C649571
2012-07-24 13:12 - 2012-07-24 13:12 - 00000456 ____A C:\Users\Sean Einy\Desktop\eset av 17-24-12.txt
2012-07-24 10:34 - 2012-07-24 10:34 - 12621696 ____A (Microsoft Corporation) C:\Users\Sean Einy\Downloads\mseinstall.exe
2012-07-24 10:18 - 2012-07-28 07:15 - 00000000 ____D C:\Windows\Minidump
2012-07-24 05:38 - 2012-07-24 05:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E060A88476F3F0D
2012-07-24 04:44 - 2012-07-24 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB49F46C4F0DB74
2012-07-24 04:38 - 2012-07-24 04:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B666882A9274B559
2012-07-24 04:38 - 2012-07-24 04:38 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mifdmeeu.sys
2012-07-24 04:31 - 2012-07-24 04:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82969D036F721C1D
2012-07-24 04:27 - 2012-07-24 04:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF2783C7C8517DF6
2012-07-24 04:23 - 2012-07-24 04:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1AFC480A711F13E
2012-07-24 04:18 - 2012-07-24 04:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.765953A4D99D696C
2012-07-24 04:14 - 2012-07-24 04:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29F243923D4184C
2012-07-24 04:09 - 2012-07-24 04:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49E7882FB07DBDB3
2012-07-24 04:05 - 2012-07-24 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90EBD0F3E7F47C46
2012-07-24 04:00 - 2012-07-24 04:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9544C650E422BB1
2012-07-24 03:56 - 2012-07-24 03:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BEBDCB34A96C96
2012-07-24 03:51 - 2012-07-24 03:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D8F7EA2066D84E4
2012-07-24 03:47 - 2012-07-24 03:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C83BFB1A20EA796
2012-07-24 03:42 - 2012-07-24 03:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB3F258B5D8D74DD
2012-07-24 03:38 - 2012-07-24 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D30ED45578FCF41
2012-07-24 03:33 - 2012-07-24 03:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68BDF6E96298D3A4
2012-07-24 03:29 - 2012-07-24 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE6CCA24BED14E16
2012-07-24 03:25 - 2012-07-24 03:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5F7E4052E46E15C
2012-07-24 03:20 - 2012-07-24 03:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA66D2EE3ED4A51B
2012-07-24 03:16 - 2012-07-24 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC38F9F26C51B630
2012-07-24 03:11 - 2012-07-24 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCAC8E557CCCAA03
2012-07-24 03:07 - 2012-07-24 03:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B2B810D9B72B6E6
2012-07-24 03:02 - 2012-07-24 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E0EECC3BD39995D5
2012-07-24 02:58 - 2012-07-24 02:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AFAB09BBAC9F30C
2012-07-24 02:53 - 2012-07-24 02:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.001FB67C5BB57632
2012-07-24 02:49 - 2012-07-24 02:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AD2F00CAB13D8AD
2012-07-24 02:44 - 2012-07-24 02:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.384413642B855C7B
2012-07-24 02:40 - 2012-07-24 02:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.67BF7FD18B81C7F2
2012-07-24 02:36 - 2012-07-24 02:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DF39D05238C2AA2
2012-07-24 02:31 - 2012-07-24 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C614805ADC4830A8
2012-07-24 02:27 - 2012-07-24 02:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D69F9B3FA4C3F29F
2012-07-24 02:22 - 2012-07-24 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7D1E34CE377ADAB
2012-07-24 02:18 - 2012-07-24 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3665D2D6D495E639
2012-07-24 02:13 - 2012-07-24 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0244F0CFBF6FEA3D
2012-07-24 02:09 - 2012-07-24 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA715C0A4AE96788
2012-07-24 02:05 - 2012-07-24 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5176CB65919B1855
2012-07-24 02:00 - 2012-07-24 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.215EAC911CE1E6E4
2012-07-24 01:56 - 2012-07-24 01:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.485B5E9D40D93757
2012-07-24 01:51 - 2012-07-24 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96B3CB31A0891BBB
2012-07-24 01:47 - 2012-07-24 01:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C3419C59BD625F
2012-07-24 01:42 - 2012-07-24 01:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7F7BF8580A2AF7AF
2012-07-24 01:38 - 2012-07-24 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D3046F496668E23
2012-07-24 01:33 - 2012-07-24 01:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FF59E1186DE1B70
2012-07-24 01:29 - 2012-07-24 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D0F0A3D518F25A1
2012-07-24 01:25 - 2012-07-24 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB1074553884DE53
2012-07-24 01:20 - 2012-07-24 01:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.179FF81814754A27
2012-07-24 01:16 - 2012-07-24 01:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A5F7CF2FE1AE0BB
2012-07-24 01:11 - 2012-07-24 01:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95286B40451E3870
2012-07-24 01:07 - 2012-07-24 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B785E0454D9CC49
2012-07-24 01:03 - 2012-07-24 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B07AEF26E7C98E75
2012-07-24 00:58 - 2012-07-24 00:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30FAB4A6448D6068
2012-07-24 00:54 - 2012-07-24 00:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7FF45CCE5EF498
2012-07-24 00:49 - 2012-07-24 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F5155B228DE671A
2012-07-24 00:45 - 2012-07-24 00:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AEEDBBE40BF9571
2012-07-24 00:41 - 2012-07-24 00:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D26FF4A49614015
2012-07-24 00:36 - 2012-07-24 00:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3FA6B9040CB36B3
2012-07-24 00:32 - 2012-07-24 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78E1C027DBCB0B6E
2012-07-24 00:27 - 2012-07-24 00:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA1E4537DA0E5140
2012-07-24 00:23 - 2012-07-24 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5906740732EC9AD
2012-07-24 00:19 - 2012-07-24 00:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9AF9F38D04A3678
2012-07-24 00:14 - 2012-07-24 00:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F5706EF5137616D
2012-07-24 00:10 - 2012-07-24 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7A32F0EB8E2FAFB
2012-07-24 00:05 - 2012-07-24 00:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64DFE7CCD2D2E23
2012-07-24 00:01 - 2012-07-24 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.08F64B268AD9B423
2012-07-23 23:56 - 2012-07-23 23:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61F3853271E93FF0
2012-07-23 23:52 - 2012-07-23 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3EF5CD7F4C2AFFC6
2012-07-23 23:48 - 2012-07-23 23:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73A7CCF70FDAE014
2012-07-23 23:43 - 2012-07-23 23:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30C80689493F1FF0
2012-07-23 23:39 - 2012-07-23 23:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3887067EFD4E7D4
2012-07-23 23:34 - 2012-07-23 23:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.408E896A9023D3F6
2012-07-23 23:30 - 2012-07-23 23:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E0E9B8687C1DE92
2012-07-23 23:26 - 2012-07-23 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4E5116ECDE2E04F
2012-07-23 23:21 - 2012-07-23 23:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE15D6E2E12855B3
2012-07-23 23:17 - 2012-07-23 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A2D03EE9167DC4
2012-07-23 23:12 - 2012-07-23 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9D29DE26DBB80C1
2012-07-23 23:08 - 2012-07-23 23:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5578DF69E13FBA52
2012-07-23 23:04 - 2012-07-23 23:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45760D635C213098
2012-07-23 22:59 - 2012-07-23 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58831F73499A678E
2012-07-23 22:55 - 2012-07-23 22:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E80B3360FD464A7
2012-07-23 22:51 - 2012-07-23 22:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50EC324537552FFC
2012-07-23 22:47 - 2012-07-23 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D81E6275D0E6D164
2012-07-23 22:43 - 2012-07-23 22:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A318BBD25477E69
2012-07-23 22:39 - 2012-07-23 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4BAE1E4993CDFA6
2012-07-23 22:35 - 2012-07-23 22:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493B0C6D3704D36
2012-07-23 22:31 - 2012-07-23 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA26B17588F85E36
2012-07-23 22:27 - 2012-07-23 22:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4608B6CC9541F9D6
2012-07-23 22:23 - 2012-07-23 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8742B4E2A7140735
2012-07-23 22:10 - 2012-07-23 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE46CC01255418A1
2012-07-23 22:06 - 2012-07-23 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16A2DA2B8F2528CF
2012-07-23 18:50 - 2012-07-23 18:50 - 00000000 ____D C:\Users\Sean Einy\Downloads\Exterminate It 1.77
2012-07-23 09:20 - 2012-07-23 09:20 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\Curiolab
2012-07-23 09:10 - 2012-07-26 12:06 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2012-07-23 09:10 - 2012-07-23 09:10 - 00001092 ____A C:\Users\Public\Desktop\Exterminate It!.lnk
2012-07-23 08:57 - 2012-07-23 09:10 - 127310358 ____A (CURIOLAB S.M.B.A.) C:\Users\Sean Einy\Downloads\ExterminateItSetup-swpl.exe
2012-07-23 08:57 - 2012-07-23 09:10 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\GetRightToGo
2012-07-23 08:57 - 2012-07-23 08:57 - 00367240 ____A (RegNow.com) C:\Users\Sean Einy\Downloads\Download_ExterminateItSetup-swpl.exe
2012-07-23 08:30 - 2012-07-23 08:30 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 08:25 - 2011-12-27 21:49 - 00000053 ____A C:\Users\Sean Einy\Downloads\FILE_ID.DIZ
2012-07-23 08:25 - 2011-12-26 19:47 - 00004267 ____A C:\Users\Sean Einy\Downloads\aaocg.nfo
2012-07-23 02:17 - 2012-07-26 16:41 - 00000000 ____D C:\Program Files (x86)\ewido anti-malware
2012-07-23 02:16 - 2012-07-23 02:16 - 07255056 ____A C:\Users\Sean Einy\Downloads\ewido-setup.exe
2012-07-23 02:16 - 2012-07-23 02:16 - 00582864 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Malware.exe
2012-07-23 01:55 - 2012-07-23 01:55 - 08399438 ____A C:\Users\Sean Einy\Downloads\ewido-setup_4.0.0.172.exe
2012-07-23 01:55 - 2012-07-23 01:55 - 00582872 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Spyware (1).exe
2012-07-23 01:51 - 2012-07-23 01:51 - 00582872 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Spyware.exe
2012-07-22 19:12 - 2012-07-22 19:12 - 00302592 ____A C:\Users\Sean Einy\Downloads\o9j1bhzm.exe
2012-07-22 19:01 - 2012-07-22 19:01 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-22 19:01 - 2012-07-22 19:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-22 15:41 - 2012-07-22 15:41 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-22 15:40 - 2012-07-22 15:41 - 00000000 ____D C:\Program Files\iTunes
2012-07-22 15:40 - 2012-07-22 15:40 - 00000000 ____D C:\Program Files\iPod
2012-07-22 15:32 - 2012-07-22 15:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-07-22 15:24 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-22 15:24 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-22 11:57 - 2012-07-22 11:57 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\f-secure
2012-07-22 11:57 - 2012-07-22 11:57 - 00000000 ____D C:\Users\All Users\F-Secure
2012-07-22 11:05 - 2012-07-22 11:05 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-22 11:05 - 2012-07-22 11:05 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-22 11:04 - 2012-07-22 11:05 - 21869552 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\jre-7u5-windows-x64.exe
2012-07-22 08:05 - 2012-07-22 08:13 - 550881519 ____A C:\Users\Sean Einy\Documents\kav 7-21-12.txt
2012-07-21 18:09 - 2012-07-21 18:10 - 00001440 __ASH C:\Windows\4837805drv.spi
2012-07-21 10:46 - 2012-07-21 10:46 - 00000000 ____D C:\Windows\pss
2012-07-21 08:55 - 2012-07-26 02:21 - 00000000 ____D C:\Windows\erdnt
2012-07-21 08:42 - 2012-07-22 20:38 - 00000053 ____A C:\Windows\wininit.ini
2012-07-21 08:42 - 2012-07-22 20:38 - 00000000 ____D C:\Users\All Users\PrevxCSI
2012-07-21 00:55 - 2012-07-21 00:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-21 00:55 - 2012-07-21 00:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-21 00:17 - 2012-07-21 00:17 - 00000000 ____D C:\Users\Sean Einy\AppData\Roaming\Malwarebytes
2012-07-21 00:17 - 2012-07-21 00:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-21 00:14 - 2012-07-21 00:14 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sean Einy\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-20 23:02 - 2012-07-20 23:02 - 00000512 ____A C:\Users\Sean Einy\Downloads\MBRCheck_MBR_Backup_07-21-12_00-02-11.bak
2012-07-19 13:46 - 2012-02-07 09:50 - 00002301 ____A C:\Users\Public\Desktop\QuickBooks Enterprise Solutions 9.0.lnk
2012-07-19 13:46 - 2011-12-29 19:09 - 00001126 ____A C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.6.lnk
2012-07-19 13:46 - 2011-12-28 19:49 - 00001261 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2012-07-18 07:29 - 2012-08-04 00:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 07:22 - 2012-07-18 07:22 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{DBA9C281-2264-4184-A9A4-19D7B845F9E8}
2012-07-18 07:22 - 2012-07-18 07:22 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{1842D095-D22D-4510-B0CD-C1E9E260685F}
2012-07-15 13:42 - 2012-07-15 13:42 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{72733EA5-C2A4-4E86-9F07-D737F7914D16}
2012-07-15 13:41 - 2012-07-15 13:42 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{11AA586B-B047-4548-ACE9-B074734BE411}
2012-07-14 17:32 - 2012-07-26 16:41 - 00000000 ____D C:\Users\Sean Einy\Tracing
2012-07-14 17:32 - 2012-07-14 17:33 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{15B67294-1BDE-46EF-A70B-687186A9BB9F}
2012-07-14 17:32 - 2012-07-14 17:32 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{06C42994-6CAE-42A2-8D01-4030A9C36B9B}
2012-07-14 17:30 - 2012-07-14 17:30 - 00000000 ____D C:\Windows\en
2012-07-14 17:23 - 2012-07-14 17:23 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{EA9793E5-5BB9-447B-87C2-C7465E0D399A}
2012-07-14 17:23 - 2012-07-14 17:23 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{99971E97-A739-45D7-8CF4-2681688E4C02}
2012-07-14 17:23 - 2012-07-14 17:23 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{0715E8B1-5250-453C-939C-26EE51D3C16F}
2012-07-14 17:22 - 2012-07-14 17:23 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{9B3E6804-B06F-43DB-882F-B44E7CB3B18E}
2012-07-11 02:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 02:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 02:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 02:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 02:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 02:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 02:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 02:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 02:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 02:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 02:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 02:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 02:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 02:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 02:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 02:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 02:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 02:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 02:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 02:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 02:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 02:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 02:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 02:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 02:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 02:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 02:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 02:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 02:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 21:27 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:27 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:27 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:27 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:27 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 21:27 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:27 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:27 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:27 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:27 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:27 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:27 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:27 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:27 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:27 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:27 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:27 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:27 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:27 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-07 17:56 - 2012-07-07 17:57 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{9561ABDE-0FF0-491D-9716-51EE651F8428}
2012-07-07 17:56 - 2012-07-07 17:56 - 00000000 ____D C:\Users\Sean Einy\AppData\Local\{F04CEB5C-E7B7-4E3A-8F03-445721544307}

============ 3 Months Modified Files ========================

2012-08-04 01:17 - 2011-03-13 13:45 - 01686023 ____A C:\Windows\WindowsUpdate.log
2012-08-04 01:01 - 2011-09-13 22:31 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
2012-08-04 01:01 - 2011-09-13 22:31 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
2012-08-04 00:59 - 2011-11-22 10:48 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000UA.job
2012-08-04 00:52 - 2011-11-22 11:31 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-04 00:42 - 2012-07-18 07:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 23:01 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 23:01 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 22:58 - 2009-07-13 21:13 - 00863096 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 22:54 - 2011-11-22 11:31 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 22:53 - 2012-07-28 07:36 - 00006276 ____A C:\Windows\setupact.log
2012-08-03 22:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 21:59 - 2012-08-03 21:59 - 01438425 ____A (Farbar) C:\Users\Sean Einy\Desktop\FRST64.exe
2012-08-03 21:43 - 2012-08-03 21:43 - 00038971 ____A C:\Users\Sean Einy\Desktop\ComboFix8-3-12.txt
2012-08-03 21:43 - 2012-08-03 21:43 - 00038971 ____A C:\ComboFix.txt
2012-08-03 21:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-03 21:15 - 2012-08-01 00:15 - 00001124 ____A C:\Windows\PFRO.log
2012-08-03 20:27 - 2012-07-26 16:50 - 04724408 ____R (Swearware) C:\Users\Sean Einy\Desktop\ComboFix.exe
2012-08-03 20:22 - 2012-08-03 20:22 - 00000961 ____A C:\Users\Sean Einy\Desktop\checkup.txt
2012-08-03 20:07 - 2012-08-03 20:07 - 00881494 ____A C:\Users\Sean Einy\Desktop\SecurityCheck.exe
2012-08-03 14:38 - 2011-11-22 10:48 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266775593-2276910581-870900397-1000Core.job
2012-07-31 21:40 - 2012-07-31 21:40 - 00000024 ____A C:\Users\Sean Einy\AppData\Local\73648-88365-27475-00IP7-22847
2012-07-31 21:15 - 2012-07-31 21:15 - 03035797 ____A (iCopyExpert.com ) C:\Users\Sean Einy\Downloads\icopyexpert_setup.exe
2012-07-31 15:13 - 2012-07-31 15:13 - 00266240 ____A C:\Users\Sean Einy\Downloads\Speedtest_TuneUpUtilities2012_en-US.exe
2012-07-30 18:54 - 2012-07-30 15:51 - 1070445163 ____A C:\Users\Sean Einy\Downloads\Breaking.Bad.S05E03.720p.HDTV.x264-EVOLVE.mkv
2012-07-29 19:22 - 2012-07-26 16:40 - 00000998 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-29 09:32 - 2011-04-25 19:41 - 00134744 ____A C:\Users\Sean Einy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-29 09:29 - 2012-07-29 09:29 - 00016909 ____A C:\Users\Sean Einy\Desktop\AnvirHijackThisPro.txt.txt
2012-07-28 15:14 - 2011-07-11 06:52 - 00938606 ____A C:\Users\Sean Einy\Documents\Rollette.xlsm
2012-07-28 13:42 - 2009-07-13 20:45 - 05041976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-28 13:36 - 2012-07-28 13:36 - 00029145 ____A C:\Users\Sean Einy\Desktop\Attach.txt
2012-07-28 13:35 - 2012-07-28 13:35 - 00039196 ____A C:\Users\Sean Einy\Desktop\DDS.txt
2012-07-28 13:22 - 2012-07-28 13:23 - 00607260 ____R (Swearware) C:\Users\Sean Einy\Desktop\dds.exe
2012-07-28 12:52 - 2012-07-28 12:52 - 00000480 ____A C:\Users\Sean Einy\Desktop\defogger_disable.log
2012-07-28 12:52 - 2012-07-28 12:52 - 00000000 ____A C:\Users\Sean Einy\defogger_reenable
2012-07-28 12:51 - 2012-07-28 12:51 - 00050477 ____A C:\Users\Sean Einy\Desktop\Defogger.exe
2012-07-28 11:05 - 2012-07-28 11:05 - 00118246 ____A C:\Users\Sean Einy\Desktop\Extras.Txt
2012-07-28 11:04 - 2012-07-28 11:04 - 00177278 ____A C:\Users\Sean Einy\Desktop\OTL.Txt
2012-07-28 09:44 - 2012-07-28 09:44 - 00302592 ____A C:\Users\Sean Einy\Desktop\vjburg8t.exe
2012-07-28 09:42 - 2012-07-28 09:42 - 00597504 ____A (OldTimer Tools) C:\Users\Sean Einy\Desktop\OTL.exe
2012-07-28 07:52 - 2012-07-28 07:52 - 00013351 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections8.htm
2012-07-28 07:49 - 2012-07-28 07:49 - 00005012 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections7.htm
2012-07-28 07:47 - 2012-07-28 07:46 - 00004204 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections6.htm
2012-07-28 07:36 - 2012-07-28 07:36 - 00000000 ____A C:\Windows\setuperr.log
2012-07-28 05:00 - 2012-07-28 05:00 - 00041822 ____A C:\Users\Sean Einy\Desktop\ComboFix.txt
2012-07-27 13:49 - 2012-02-02 15:07 - 00001429 ____A C:\Users\Sean Einy\Desktop\CopyTrans Control Center.lnk
2012-07-27 12:18 - 2012-07-27 12:18 - 00124688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
2012-07-27 12:18 - 2012-07-27 12:18 - 00067376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SYSINFO.OCX
2012-07-27 12:18 - 2000-05-22 16:58 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2012-07-27 12:18 - 1999-06-22 16:36 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2012-07-27 12:16 - 2012-07-27 12:16 - 05238170 ____A C:\Users\Sean Einy\Downloads\SpeedTest.exe
2012-07-27 12:16 - 2012-03-12 11:53 - 00107008 __ASH C:\Users\Sean Einy\Thumbs.db
2012-07-27 11:44 - 2009-07-13 18:34 - 00017486 ____A C:\Windows\System32\Drivers\etc\services
2012-07-27 11:41 - 2012-07-27 11:36 - 186291464 ____A (AirMagnet Inc. ) C:\Users\Sean Einy\Downloads\AirMagnet_WiFi_DemoInstaller.exe
2012-07-26 19:27 - 2012-07-26 19:27 - 00002336 ____A C:\Users\Sean Einy\Documents\AnVir_Connections5.htm
2012-07-26 19:12 - 2012-07-26 19:12 - 00025677 ____A C:\Users\Sean Einy\Documents\AnVir_Connections4.htm
2012-07-26 18:53 - 2012-07-26 18:53 - 00013224 ____A C:\Users\Sean Einy\Documents\AnVir_Connections3.htm
2012-07-26 16:46 - 2011-04-25 20:29 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-26 16:37 - 2012-07-26 16:37 - 00001275 ____A C:\Users\Sean Einy\Desktop\Revo Uninstaller.lnk
2012-07-26 16:25 - 2012-07-26 16:25 - 03907920 ____A (Piriform Ltd) C:\Users\Sean Einy\Downloads\ccsetup321.exe
2012-07-26 16:21 - 2012-07-26 16:21 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Sean Einy\Downloads\revosetup.exe
2012-07-26 15:38 - 2012-07-26 15:38 - 00016233 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections1.htm
2012-07-26 15:11 - 2012-07-26 15:11 - 00011433 ____A C:\Users\Sean Einy\Desktop\AnVir_Connections.htm
2012-07-26 13:33 - 2012-07-26 13:25 - 141573488 ____A C:\Users\Sean Einy\Downloads\setup_11.0.0.1245.x01_2012_07_26_23_02.exe
2012-07-26 13:13 - 2012-04-03 12:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-26 13:13 - 2011-05-24 18:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 08:53 - 2012-07-26 08:53 - 00001097 ____A C:\Users\Sean Einy\Desktop\AnVir Task Manager Pro.lnk
2012-07-26 08:51 - 2012-07-26 08:51 - 07669480 ____A C:\Users\Sean Einy\Downloads\taskpro.exe
2012-07-26 08:37 - 2012-07-26 08:37 - 01105024 ____A C:\Users\Sean Einy\Downloads\Anvir-task-manager-pro_6.3_downloader.exe
2012-07-26 01:08 - 2012-07-26 01:08 - 04719627 ____R (Swearware) C:\Users\Sean Einy\Downloads\ComboFix.exe
2012-07-25 19:01 - 2012-07-25 19:01 - 04731392 ____A (AVAST Software) C:\Users\Sean Einy\Downloads\aswMBR (1).exe
2012-07-25 19:00 - 2012-07-25 18:59 - 04731392 ____A (AVAST Software) C:\Users\Sean Einy\Downloads\aswMBR.exe
2012-07-25 12:01 - 2012-07-25 12:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-25 12:01 - 2012-07-25 12:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-25 11:59 - 2012-07-25 11:58 - 00893936 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\chromeinstall-7u5.exe
2012-07-25 10:44 - 2012-07-25 10:44 - 00138120 ____A (ESET) C:\Users\Sean Einy\Downloads\ESETSirefefRemover.exe
2012-07-25 10:44 - 2012-07-25 10:44 - 00000000 ____A C:\Users\Sean Einy\Downloads\ServicesRepair.exe.rl4wsue.partial
2012-07-25 08:37 - 2012-07-25 08:37 - 08351040 ____A (AVG ) C:\Users\Sean Einy\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-07-25 08:35 - 2012-07-25 08:35 - 00027520 ____A C:\Users\Sean Einy\AppData\Local\dt.dat
2012-07-25 08:26 - 2012-07-25 08:26 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 08:25 - 2012-07-25 08:25 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-25 08:15 - 2012-07-25 08:15 - 03879800 ____A (AVG Technologies) C:\Users\Sean Einy\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-24 22:54 - 2012-07-24 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1C660915A571BB8
2012-07-24 22:49 - 2012-07-24 22:49 - 13806733 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\jre-7u5-windows-x64 (1).exe.74nhx2n.partial
2012-07-24 22:48 - 2012-07-24 22:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C5A24DFA322C272
2012-07-24 22:35 - 2011-04-25 20:29 - 00880682 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-24 15:38 - 2012-07-24 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3B2C6CD35486271
2012-07-24 15:33 - 2012-07-24 15:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE4CF34302B892BA
2012-07-24 15:28 - 2012-07-24 15:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DFC60C61EDA6A0E
2012-07-24 15:23 - 2012-07-24 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C3A288AC786442A
2012-07-24 15:15 - 2012-07-24 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.278084EE499E4A6F
2012-07-24 15:11 - 2012-07-24 15:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E412EE286C6E923
2012-07-24 15:07 - 2012-07-24 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00C00CC71CD36C11
2012-07-24 14:43 - 2012-07-24 14:43 - 00000165 ___AH C:\Users\Sean Einy\Desktop\~$party app econ model.xlsx
2012-07-24 14:23 - 2012-07-24 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA8CEEF20C649571
2012-07-24 13:12 - 2012-07-24 13:12 - 00000456 ____A C:\Users\Sean Einy\Desktop\eset av 17-24-12.txt
2012-07-24 10:34 - 2012-07-24 10:34 - 12621696 ____A (Microsoft Corporation) C:\Users\Sean Einy\Downloads\mseinstall.exe
2012-07-24 05:38 - 2012-07-24 05:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E060A88476F3F0D
2012-07-24 04:44 - 2012-07-24 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB49F46C4F0DB74
2012-07-24 04:38 - 2012-07-24 04:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B666882A9274B559
2012-07-24 04:38 - 2012-07-24 04:38 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mifdmeeu.sys
2012-07-24 04:31 - 2012-07-24 04:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82969D036F721C1D
2012-07-24 04:27 - 2012-07-24 04:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF2783C7C8517DF6
2012-07-24 04:23 - 2012-07-24 04:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1AFC480A711F13E
2012-07-24 04:18 - 2012-07-24 04:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.765953A4D99D696C
2012-07-24 04:14 - 2012-07-24 04:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29F243923D4184C
2012-07-24 04:09 - 2012-07-24 04:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49E7882FB07DBDB3
2012-07-24 04:07 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-24 04:05 - 2012-07-24 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90EBD0F3E7F47C46
2012-07-24 04:00 - 2012-07-24 04:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9544C650E422BB1
2012-07-24 03:56 - 2012-07-24 03:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BEBDCB34A96C96
2012-07-24 03:51 - 2012-07-24 03:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D8F7EA2066D84E4
2012-07-24 03:47 - 2012-07-24 03:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C83BFB1A20EA796
2012-07-24 03:42 - 2012-07-24 03:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB3F258B5D8D74DD
2012-07-24 03:38 - 2012-07-24 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D30ED45578FCF41
2012-07-24 03:33 - 2012-07-24 03:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68BDF6E96298D3A4
2012-07-24 03:29 - 2012-07-24 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE6CCA24BED14E16
2012-07-24 03:25 - 2012-07-24 03:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5F7E4052E46E15C
2012-07-24 03:20 - 2012-07-24 03:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA66D2EE3ED4A51B
2012-07-24 03:16 - 2012-07-24 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC38F9F26C51B630
2012-07-24 03:11 - 2012-07-24 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCAC8E557CCCAA03
2012-07-24 03:07 - 2012-07-24 03:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B2B810D9B72B6E6
2012-07-24 03:02 - 2012-07-24 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E0EECC3BD39995D5
2012-07-24 02:58 - 2012-07-24 02:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AFAB09BBAC9F30C
2012-07-24 02:53 - 2012-07-24 02:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.001FB67C5BB57632
2012-07-24 02:49 - 2012-07-24 02:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AD2F00CAB13D8AD
2012-07-24 02:44 - 2012-07-24 02:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.384413642B855C7B
2012-07-24 02:40 - 2012-07-24 02:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.67BF7FD18B81C7F2
2012-07-24 02:36 - 2012-07-24 02:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DF39D05238C2AA2
2012-07-24 02:31 - 2012-07-24 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C614805ADC4830A8
2012-07-24 02:27 - 2012-07-24 02:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D69F9B3FA4C3F29F
2012-07-24 02:22 - 2012-07-24 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7D1E34CE377ADAB
2012-07-24 02:18 - 2012-07-24 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3665D2D6D495E639
2012-07-24 02:13 - 2012-07-24 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0244F0CFBF6FEA3D
2012-07-24 02:09 - 2012-07-24 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA715C0A4AE96788
2012-07-24 02:05 - 2012-07-24 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5176CB65919B1855
2012-07-24 02:00 - 2012-07-24 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.215EAC911CE1E6E4
2012-07-24 01:56 - 2012-07-24 01:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.485B5E9D40D93757
2012-07-24 01:51 - 2012-07-24 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96B3CB31A0891BBB
2012-07-24 01:47 - 2012-07-24 01:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C3419C59BD625F
2012-07-24 01:42 - 2012-07-24 01:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7F7BF8580A2AF7AF
2012-07-24 01:38 - 2012-07-24 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D3046F496668E23
2012-07-24 01:33 - 2012-07-24 01:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FF59E1186DE1B70
2012-07-24 01:29 - 2012-07-24 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D0F0A3D518F25A1
2012-07-24 01:25 - 2012-07-24 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB1074553884DE53
2012-07-24 01:20 - 2012-07-24 01:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.179FF81814754A27
2012-07-24 01:16 - 2012-07-24 01:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A5F7CF2FE1AE0BB
2012-07-24 01:11 - 2012-07-24 01:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95286B40451E3870
2012-07-24 01:07 - 2012-07-24 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B785E0454D9CC49
2012-07-24 01:03 - 2012-07-24 01:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B07AEF26E7C98E75
2012-07-24 00:58 - 2012-07-24 00:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30FAB4A6448D6068
2012-07-24 00:54 - 2012-07-24 00:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E7FF45CCE5EF498
2012-07-24 00:49 - 2012-07-24 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F5155B228DE671A
2012-07-24 00:45 - 2012-07-24 00:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AEEDBBE40BF9571
2012-07-24 00:41 - 2012-07-24 00:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D26FF4A49614015
2012-07-24 00:36 - 2012-07-24 00:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3FA6B9040CB36B3
2012-07-24 00:32 - 2012-07-24 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78E1C027DBCB0B6E
2012-07-24 00:27 - 2012-07-24 00:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA1E4537DA0E5140
2012-07-24 00:23 - 2012-07-24 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5906740732EC9AD
2012-07-24 00:19 - 2012-07-24 00:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9AF9F38D04A3678
2012-07-24 00:14 - 2012-07-24 00:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F5706EF5137616D
2012-07-24 00:10 - 2012-07-24 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7A32F0EB8E2FAFB
2012-07-24 00:05 - 2012-07-24 00:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64DFE7CCD2D2E23
2012-07-24 00:01 - 2012-07-24 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.08F64B268AD9B423
2012-07-23 23:56 - 2012-07-23 23:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61F3853271E93FF0
2012-07-23 23:52 - 2012-07-23 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3EF5CD7F4C2AFFC6
2012-07-23 23:48 - 2012-07-23 23:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73A7CCF70FDAE014
2012-07-23 23:43 - 2012-07-23 23:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30C80689493F1FF0
2012-07-23 23:39 - 2012-07-23 23:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3887067EFD4E7D4
2012-07-23 23:34 - 2012-07-23 23:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.408E896A9023D3F6
2012-07-23 23:30 - 2012-07-23 23:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E0E9B8687C1DE92
2012-07-23 23:26 - 2012-07-23 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4E5116ECDE2E04F
2012-07-23 23:21 - 2012-07-23 23:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE15D6E2E12855B3
2012-07-23 23:17 - 2012-07-23 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A2D03EE9167DC4
2012-07-23 23:12 - 2012-07-23 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9D29DE26DBB80C1
2012-07-23 23:08 - 2012-07-23 23:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5578DF69E13FBA52
2012-07-23 23:04 - 2012-07-23 23:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45760D635C213098
2012-07-23 22:59 - 2012-07-23 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58831F73499A678E
2012-07-23 22:55 - 2012-07-23 22:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E80B3360FD464A7
2012-07-23 22:51 - 2012-07-23 22:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50EC324537552FFC
2012-07-23 22:47 - 2012-07-23 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D81E6275D0E6D164
2012-07-23 22:43 - 2012-07-23 22:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A318BBD25477E69
2012-07-23 22:39 - 2012-07-23 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4BAE1E4993CDFA6
2012-07-23 22:35 - 2012-07-23 22:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493B0C6D3704D36
2012-07-23 22:31 - 2012-07-23 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA26B17588F85E36
2012-07-23 22:27 - 2012-07-23 22:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4608B6CC9541F9D6
2012-07-23 22:23 - 2012-07-23 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8742B4E2A7140735
2012-07-23 22:10 - 2012-07-23 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE46CC01255418A1
2012-07-23 22:06 - 2012-07-23 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16A2DA2B8F2528CF
2012-07-23 16:49 - 2011-08-24 03:38 - 00001456 ____A C:\Users\Sean Einy\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-23 09:10 - 2012-07-23 09:10 - 00001092 ____A C:\Users\Public\Desktop\Exterminate It!.lnk
2012-07-23 09:10 - 2012-07-23 08:57 - 127310358 ____A (CURIOLAB S.M.B.A.) C:\Users\Sean Einy\Downloads\ExterminateItSetup-swpl.exe
2012-07-23 08:57 - 2012-07-23 08:57 - 00367240 ____A (RegNow.com) C:\Users\Sean Einy\Downloads\Download_ExterminateItSetup-swpl.exe
2012-07-23 02:16 - 2012-07-23 02:16 - 07255056 ____A C:\Users\Sean Einy\Downloads\ewido-setup.exe
2012-07-23 02:16 - 2012-07-23 02:16 - 00582864 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Malware.exe
2012-07-23 01:55 - 2012-07-23 01:55 - 08399438 ____A C:\Users\Sean Einy\Downloads\ewido-setup_4.0.0.172.exe
2012-07-23 01:55 - 2012-07-23 01:55 - 00582872 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Spyware (1).exe
2012-07-23 01:51 - 2012-07-23 01:51 - 00582872 ____A C:\Users\Sean Einy\Downloads\Brothersoft_downloader_For_Ewido_Anti_Spyware.exe
2012-07-22 20:38 - 2012-07-21 08:42 - 00000053 ____A C:\Windows\wininit.ini
2012-07-22 19:12 - 2012-07-22 19:12 - 00302592 ____A C:\Users\Sean Einy\Downloads\o9j1bhzm.exe
2012-07-22 19:01 - 2012-07-22 19:01 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-22 15:41 - 2012-07-22 15:41 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-22 11:05 - 2012-07-22 11:05 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-22 11:05 - 2012-07-22 11:05 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-22 11:05 - 2012-07-22 11:04 - 21869552 ____A (Oracle Corporation) C:\Users\Sean Einy\Downloads\jre-7u5-windows-x64.exe
2012-07-22 08:13 - 2012-07-22 08:05 - 550881519 ____A C:\Users\Sean Einy\Documents\kav 7-21-12.txt
2012-07-21 18:10 - 2012-07-21 18:09 - 00001440 __ASH C:\Windows\4837805drv.spi
2012-07-21 10:39 - 2011-03-13 13:56 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-07-21 00:14 - 2012-07-21 00:14 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sean Einy\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-20 23:02 - 2012-07-20 23:02 - 00000512 ____A C:\Users\Sean Einy\Downloads\MBRCheck_MBR_Backup_07-21-12_00-02-11.bak
2012-07-18 22:02 - 2011-11-15 01:07 - 00109056 __ASH C:\Users\Sean Einy\Documents\Thumbs.db
2012-07-18 07:42 - 2012-05-21 13:52 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-11 08:59 - 2011-04-25 19:39 - 00000502 ____A C:\Users\Sean Einy\Downloads\Desktop.lnk
2012-07-11 02:03 - 2011-04-25 20:23 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 21:06 - 2012-07-25 12:01 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 21:06 - 2012-07-25 12:01 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 21:06 - 2011-10-23 01:25 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-15 00:19 - 2012-06-13 18:22 - 00022115 ____A C:\Users\Sean Einy\Documents\Medical Case Managers Bus Plan.xlsx
2012-06-11 19:08 - 2012-07-11 02:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 21:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 21:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 21:27 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 21:27 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 21:27 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 21:27 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 21:27 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 21:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 15:20 - 2012-06-02 15:20 - 00012773 ____A C:\Users\Sean Einy\Desktop\Book1.xlsx
2012-06-02 14:19 - 2012-06-20 23:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 23:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 23:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-20 23:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 23:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 23:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 23:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 23:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-20 23:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 21:27 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 21:27 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 21:27 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 21:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 21:27 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 21:27 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 21:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 20:09 - 2012-06-01 20:09 - 00000000 ____A C:\Users\Sean Einy\Documents\phr sales.txt
2012-05-13 09:16 - 2011-11-12 14:36 - 00005120 ____A C:\Users\Sean Einy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-08 10:17 - 2012-05-08 09:19 - 00004096 ____A C:\Users\Sean Einy\AppData\Local\keyfile3.drm

ZeroAccess:
C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}
C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}\L
C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6050.69 MB
Available physical RAM: 5275.96 MB
Total Pagefile: 6048.84 MB
Available Pagefile: 5279.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106051W0J) (Fixed) (Total:581.71 GB) (Free:215.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:0.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Repair disc 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
4 Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:257.72 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 581 GB 1501 MB
Partition 3 Primary 13 GB 583 GB
Partition 4 Primary 336 KB 596 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106051W0J NTFS Partition 581 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FreeAgent G NTFS Partition 931 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 00:23

======================= End Of Log ==========================



Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 2012-08-04 02:28:39
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-26 02:21] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 04 August 2012 - 03:02 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa}
2012-07-24 22:54 - 2012-07-24 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1C660915A571BB8
2012-07-24 22:48 - 2012-07-24 22:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C5A24DFA322C272
2012-07-24 15:38 - 2012-07-24 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3B2C6CD35486271
2012-07-24 15:33 - 2012-07-24 15:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE4CF34302B892BA
2012-07-24 15:28 - 2012-07-24 15:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3DFC60C61EDA6A0E
2012-07-24 15:23 - 2012-07-24 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C3A288AC786442A
2012-07-24 15:15 - 2012-07-24 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.278084EE499E4A6F
2012-07-24 15:11 - 2012-07-24 15:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E412EE286C6E923
2012-07-24 15:07 - 2012-07-24 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00C00CC71CD36C11
2012-07-24 14:23 - 2012-07-24 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA8CEEF20C649571
2012-07-24 05:38 - 2012-07-24 05:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E060A88476F3F0D
2012-07-24 04:44 - 2012-07-24 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB49F46C4F0DB74
2012-07-24 04:38 - 2012-07-24 04:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B666882A9274B559
2012-07-24 04:31 - 2012-07-24 04:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82969D036F721C1D
2012-07-24 04:27 - 2012-07-24 04:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF2783C7C8517DF6
2012-07-24 04:23 - 2012-07-24 04:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1AFC480A711F13E
2012-07-24 04:18 - 2012-07-24 04:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.765953A4D99D696C
2012-07-24 04:14 - 2012-07-24 04:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29F243923D4184C
2012-07-24 04:09 - 2012-07-24 04:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49E7882FB07DBDB3
2012-07-24 04:05 - 2012-07-24 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90EBD0F3E7F47C46
2012-07-24 04:00 - 2012-07-24 04:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9544C650E422BB1
2012-07-24 03:56 - 2012-07-24 03:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52BEBDCB34A96C96
2012-07-24 03:51 - 2012-07-24 03:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D8F7EA2066D84E4
2012-07-24 03:47 - 2012-07-24 03:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C83BFB1A20EA796
2012-07-24 03:42 - 2012-07-24 03:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB3F258B5D8D74DD
2012-07-24 03:38 - 2012-07-24 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D30ED45578FCF41
2012-07-24 03:33 - 2012-07-24 03:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68BDF6E96298D3A4
2012-07-24 03:29 - 2012-07-24 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE6CCA24BED14E16
2012-07-24 03:25 - 2012-07-24 03:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5F7E4052E46E15C
2012-07-24 03:20 - 2012-07-24 03:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA66D2EE3ED4A51B
2012-07-24 03:16 - 2012-07-24 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC38F9F26C51B630
2012-07-24 03:11 - 2012-07-24 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCAC8E557CCCAA03
2012-07-24 03:07 - 2012-07-24 03:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B2B810D9B72B6E6
2012-07-24 03:02 - 2012-07-24 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E0EECC3BD39995D5
2012-07-24 02:58 - 2012-07-24 02:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AFAB09BBAC9F30C
2012-07-24 02:53 - 2012-07-24 02:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.001FB67C5BB57632
2012-07-24 02:49 - 2012-07-24 02:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3AD2F00CAB13D8AD
2012-07-24 02:44 - 2012-07-24 02:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.384413642B855C7B
2012-07-24 02:40 - 2012-07-24 02:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.67BF7FD18B81C7F2
2012-07-24 02:36 - 2012-07-24 02:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DF39D05238C2AA2
2012-07-24 02:31 - 2012-07-24 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C614805ADC4830A8
2012-07-24 02:27 - 2012-07-24 02:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D69F9B3FA4C3F29F
2012-07-24 02:22 - 2012-07-24 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7D1E34CE377ADAB
2012-07-24 02:18 - 2012-07-24 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3665D2D6D495E639
2012-07-24 02:13 - 2012-07-24 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0244F0CFBF6FEA3D
2012-07-24 02:09 - 2012-07-24 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA715C0A4AE96788
2012-07-24 02:05 - 2012-07-24 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5176CB65919B1855
2012-07-24 02:00 - 2012-07-24 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.215EAC911CE1E6E4
2012-07-24 01:56 - 2012-07-24 01:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.485B5E9D40D93757
2012-07-24 01:51 - 2012-07-24 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96B3CB31A0891BBB
2012-07-24 01:47 - 2012-07-24 01:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C3419C59BD625F
2012-07-24 01:42 - 2012-07-24 01:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7F7BF8580A2AF7AF
2012-07-24 01:38 - 2012-07-24 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D3046F496668E23
2012-07-24 01:33 - 2012-07-24 01:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FF59E1186DE1B70
2012-07-24 01:29 - 2012-07-24 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D0F0A3D518F25A1
2012-07-24 01:25 - 2012-07-24 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB1074553884DE53
1 vfkwonqv; \??\C:\windows\system32\drivers\vfkwonqv.sys [x]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 sean1972

Posted 04 August 2012 - 03:43 PM

I just rebooted the computer after the fix, so I cannot give any update as to its condition after I ran the fix.

Thanks

Sean

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
Ran by SYSTEM at 2012-08-04 13:37:08 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{b815768f-eb22-5c7b-fbca-993571e2f1aa} moved successfully.
vfkwonqv service deleted successfully.

==== End of Fixlog ====

#12 sean1972

Posted 04 August 2012 - 04:00 PM

Hi Gringo

Once again thanks for your help

The computer still has the same symptoms:
1. It plays music/sounds randomly using explorer.exe
2. Explorer.exe will open a form looking like a website message saying "Thanks" with an "OK" button.
3. Explorer.exe will start multiple TCP connections to multiple IP addresses and domains (not recognized) just before playing the phantom sounds. These connections actually upload and download packets ranging from under 1kb to tens of kb using ports between 40000 and 60000
4. explorer.exe will write multiple tracking cookies just before playing the phantom sounds
5. Google links are redirected
6. Internet connection is extremely slow via web browsers (both IE9 and Chrome)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:01 AM

Posted 04 August 2012 - 04:15 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 sean1972

Posted 04 August 2012 - 04:23 PM

Hi Gringo

TDSSKiller will not run.

A process called tdsskiller.exe starts and immediately another process named WerFault.exe32 starts as well and then the TDSSkiller.exe is killed.

I didn't run the aswMBR because I figured there is a reason why these two need to run in a sequence.

Thanks

Sean

#15 gringo_pr

Posted 04 August 2012 - 04:27 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo