
Win64 Agent, Conedex, Sirefef


This topic is locked
20 replies to this topic

#1 elayna_j


Posted 08 August 2012 - 07:06 AM

Hello,
ESET is deleting/quarantining these viruses 'round the clock. I'm glad it is catching them, but I don't understand why these attacks won't cease. ESET is working overtime so often that my PC is getting bogged down - though still operable, with no freezing. No redirects or ads. In the time it took me to write those first sentences, it has deleted/quarantined 6 times already.
I hope I have given you all the info you need. Thank you :)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19272
Run by Elayna at 7:35:43 on 2012-08-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6108.3078 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081205
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Elayna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F5F0546-441F-4C20-AA49-1A578EB8E056} : DhcpNameServer = 192.168.1.1
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO-X64: Browser Address Error Redirector - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {F0626A63-410B-45E2-99A1-3F2475B2D695} - Search Assistant
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-6-8 575416]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-6-25 216080]
R2 NPF;NetGroup Packet Filter Driver;\??\C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-6-8 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-6-8 1118648]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-06 16:20:13 -------- d-----w- C:\Program Files\iPod
2012-08-06 16:20:11 -------- d-----w- C:\Program Files\iTunes
2012-08-06 16:20:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-15 07:02:16 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 09:49:15 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 09:49:15 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 09:49:14 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 09:49:14 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 09:49:13 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 09:49:13 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 09:49:12 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 09:49:12 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 09:49:12 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 09:49:12 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 09:49:12 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 09:49:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
.
==================== Find3M ====================
.
2012-08-02 19:42:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 19:42:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 18:58:46 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-06-25 18:58:44 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2012-06-24 17:05:38 96784 ----a-w- C:\Windows\SysWow64\packet.dll
2012-06-24 17:05:38 369168 ----a-w- C:\Windows\System32\wpcap.dll
2012-06-24 17:05:38 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-06-24 17:05:38 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2012-06-24 17:05:38 106000 ----a-w- C:\Windows\System32\packet.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-05-15 06:37:49 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-05-15 03:26:05 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 02:19:57 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 02:15:14 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-05-15 02:14:53 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-15 02:14:26 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-05-15 02:14:26 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-05-15 01:21:55 479232 ----a-w- C:\Windows\System32\html.iec
2012-05-15 00:40:32 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-15 00:39:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-11 15:14:50 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-05-11 15:14:26 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-05-11 15:13:20 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-05-11 15:09:04 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-05-11 15:08:58 341168 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2009-02-17 14:59:52 282624 ----a-w- C:\Program Files\MediaImpression.exe
2008-12-31 13:27:48 790528 ----a-w- C:\Program Files\RctBrowser.dll
2008-12-29 22:11:06 360448 ----a-w- C:\Program Files\PhotoViewer.exe
2008-12-29 17:48:30 184320 ----a-w- C:\Program Files\MIDownload.exe
2008-12-11 14:34:04 154112 ----a-w- C:\Program Files\CheckUpdate.exe
2008-12-08 17:21:40 227944 ----a-w- C:\Program Files\CheckUpdate.dll
2008-11-24 22:35:34 135168 ----a-w- C:\Program Files\OPRUpgrade.exe
2008-11-24 22:28:22 28672 ----a-w- C:\Program Files\ShadowWndDll.dll
2008-11-24 22:27:52 40960 ----a-w- C:\Program Files\USBStorageManager.dll
2008-11-24 22:27:38 86016 ----a-w- C:\Program Files\MIMenu.dll
2008-11-24 22:23:24 57344 ----a-w- C:\Program Files\uMyExtrasCtrl.dll
2008-11-24 22:18:24 159744 ----a-w- C:\Program Files\uPI6CommonDll.dll
2008-11-04 21:17:22 319488 ----a-w- C:\Program Files\OPHistory.exe
2008-09-27 20:14:42 487424 ----a-w- C:\Program Files\OPRCommon.dll
2008-09-24 13:51:16 36864 ----a-w- C:\Program Files\HttpAgent.dll
2008-09-05 20:01:20 86016 ----a-w- C:\Program Files\MagUIInter.dll
2008-09-04 14:11:32 104960 ----a-w- C:\Program Files\MagUIImage.dll
2008-09-04 14:11:30 268800 ----a-w- C:\Program Files\MagUIEngine.dll
2008-09-04 14:11:28 59904 ----a-w- C:\Program Files\MagPCMac.dll
2008-09-04 14:11:26 55808 ----a-w- C:\Program Files\MagicFrame.dll
2008-09-04 14:11:24 35328 ----a-w- C:\Program Files\MagCore.dll
2008-09-03 21:20:50 59904 ----a-w- C:\Program Files\TETransUtility.dll
2008-09-03 21:20:48 113152 ----a-w- C:\Program Files\TETextEngine.dll
2008-09-03 21:20:46 178688 ----a-w- C:\Program Files\TECharEngine.dll
2008-08-01 18:31:00 223744 ----a-w- C:\Program Files\MIArcCon.dll
2008-06-26 18:50:40 756224 ----a-w- C:\Program Files\ToolsCtrl.dll
2008-06-26 18:49:20 125440 ----a-w- C:\Program Files\magPltfm.dll
2008-06-26 18:48:10 866816 ----a-w- C:\Program Files\RawEngine.dll
2008-06-26 18:48:08 727552 ----a-w- C:\Program Files\X3FSDK.dll
2008-06-26 18:48:06 158208 ----a-w- C:\Program Files\magFileIO.dll
2008-06-26 18:48:04 436736 ----a-w- C:\Program Files\magFpxio.dll
2008-06-26 18:47:02 350720 ----a-w- C:\Program Files\magTools.dll
2008-06-26 18:46:56 84480 ----a-w- C:\Program Files\ImgCtrl.dll
2008-06-26 18:46:54 350720 ----a-w- C:\Program Files\magengin.dll
2008-04-18 21:28:54 299008 ----a-w- C:\Program Files\RctXMLBase.dll
2008-04-16 20:39:54 78136 ----a-w- C:\Program Files\MagAppFramework.dll
2008-03-25 19:43:02 135168 ----a-w- C:\Program Files\uArcPrintManager.dll
2007-05-24 14:08:28 97024 ----a-w- C:\Program Files\MediaImpressionUpdate.exe
2007-05-24 14:04:02 60160 ----a-w- C:\Program Files\MsgDll.dll
2007-05-24 14:03:54 31488 ----a-w- C:\Program Files\MediaImpressionRes.dll
2007-01-09 18:58:00 167936 ----a-w- C:\Program Files\dtype32.dll
2007-01-09 18:58:00 155648 ----a-w- C:\Program Files\dtype32x.dll
2006-11-09 15:07:24 150272 ----a-w- C:\Program Files\AglSwf.dll
2006-11-08 21:12:46 64256 ----a-w- C:\Program Files\kglu.dll
2006-11-08 21:12:44 256768 ----a-w- C:\Program Files\kgl.dll
2006-11-08 18:54:14 895744 ----a-w- C:\Program Files\uEzDll.dll
2006-10-14 20:13:26 981760 ----a-w- C:\Program Files\mfc42u.dll
2006-09-22 14:17:30 221184 ----a-w- C:\Program Files\Res_Dll.dll
2006-01-24 14:20:00 1645320 ----a-w- C:\Program Files\gdiplus.dll
2005-06-21 14:29:00 245408 ----a-w- C:\Program Files\unicows.dll
2005-05-27 19:09:00 1024082 ----a-w- C:\Program Files\MFC42LU.DLL
2005-05-27 18:58:00 393216 ----a-w- C:\Program Files\MSLUP60.dll
2005-05-27 18:58:00 249856 ----a-w- C:\Program Files\MSLURT.dll
2005-04-14 04:05:56 81920 ----a-w- C:\Program Files\PICSDK3.dll
2004-08-17 16:00:00 413696 ----a-w- C:\Program Files\msvcp60.dll
2004-03-03 04:10:00 483328 ----a-w- C:\Program Files\PICSDK.dll
.
============= FINISH: 7:36:34.89 ===============
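A small triage helper for logs in the DDS format posted above, added here as an example and not part of the original thread or of the DDS tool itself: it splits the log into its sections and lists the entries a responder would look at first (orphaned BHO/toolbar registrations, script hosts and a 32-bit svchost in the process list, DPF entries not served over HTTP, script file associations). The sample log is a constructed excerpt of the lines above, and every flagged entry is a review item, not a verdict.

```python
"""Triage a DDS-style log: split it into sections and list review items.

Added example (not the DDS tool's own code). DDS section headers look like
"============== Running Processes ===============" and sections are padded
with lone "." lines; Pseudo-HJT lines look like "BHO: Name: {CLSID} - path".
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Optional quotes around the image path, then optional arguments (e.g. "-k netsvcs").
PROC_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.\w{2,4})"?(?:\s+(?P<args>\S.*))?$')
HJT_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun|DPF|LSP)(?:-x64)?:\s*(?P<rest>.*)$", re.I)
ASSOC_RE = re.compile(r"^(?P<ext>\w+File)=(?P<cmd>.+)$")

# Interpreters that are legitimate on every Windows box but, when seen running in a
# snapshot of an infected host, deserve a parent/command-line check.
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "cmd.exe", "mshta.exe", "powershell.exe"}
SYSWOW64_RE = re.compile(r"\\SysWOW64\\", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_sections(text: str) -> dict:
    """Return {section_name: [lines]}; text before the first header goes under 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads each section with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage_processes(lines: list) -> list:
    findings = []
    for line in lines:
        m = PROC_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SCRIPT_HOSTS:
            findings.append(Finding("Running Processes",
                                    f"{name} running; identify its parent and the script or command it executes", line))
        elif name == "svchost.exe" and SYSWOW64_RE.search(path):
            # On x64 the service host instances listed from System32 are 64-bit; a 32-bit
            # svchost is uncommon enough that the hosted service should be confirmed.
            findings.append(Finding("Running Processes",
                                    f"32-bit svchost.exe on a 64-bit host; confirm the hosted service (args: {m.group('args') or 'none'})", line))
    return findings


def triage_hjt(lines: list) -> list:
    findings = []
    for line in lines:
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind").upper(), m.group("rest")
        if rest.endswith("- No File"):
            findings.append(Finding("Pseudo HJT Report", f"{kind} registration whose file is missing (orphaned entry)", line))
        elif kind in ("URUN", "MRUN") and re.fullmatch(r"\[[^\]]*\]", rest):
            findings.append(Finding("Pseudo HJT Report", "Run entry with an empty command", line))
        elif kind == "DPF" and not rest.lower().split(" - ", 1)[-1].startswith(("hxxp", "http")):
            findings.append(Finding("Pseudo HJT Report", "DPF (ActiveX) entry not served over HTTP; confirm its source", line))
    return findings


def triage_associations(lines: list) -> list:
    findings = []
    for line in lines:
        m = ASSOC_RE.match(line)
        if m and any(h in m.group("cmd").lower() for h in ("wscript.exe", "cscript.exe")):
            findings.append(Finding("File Associations",
                                    f"{m.group('ext')} handled by a script host (the Windows default; confirm the handler path is the system binary)", line))
    return findings


def triage_log(text: str) -> list:
    sections = parse_sections(text)
    return (triage_processes(sections.get("Running Processes", []))
            + triage_hjt(sections.get("Pseudo HJT Report", []))
            + triage_associations(sections.get("File Associations", [])))


# Constructed sample: an excerpt of the log lines posted in this thread.
SAMPLE_LOG = r"""DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [<NO NAME>]
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
============= FINISH: 7:36:34.89 ===============
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```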


#2 HelpBot


Posted 13 August 2012 - 07:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464362 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 elayna_j

elayna_j
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:24 PM

Posted 13 August 2012 - 01:54 PM

Hello,
Yup, I still need help! :) My PC is still having the same problems. In addition to my previous issues, the computer now occasionally will freeze up and tell me 'a host process for Windows has stopped working'. Also, svchost.exe *32 is becoming a huge CPU hog. Sometimes I go into task manager to end the process and free up my CPU (if I let it continue to run, I often get the 'host process has stopped working' message). svchost.exe *32 returns within a few minutes.

I do have the Windows Vista Reinstallation DVD that came with my PC.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19272
Run by Elayna at 14:36:23 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6108.3340 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081205
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Elayna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F5F0546-441F-4C20-AA49-1A578EB8E056} : DhcpNameServer = 192.168.1.1
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO-X64: Browser Address Error Redirector - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {F0626A63-410B-45E2-99A1-3F2475B2D695} - Search Assistant
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-6-8 575416]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-6-25 216080]
R2 NPF;NetGroup Packet Filter Driver;\??\C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-6-8 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-6-8 1118648]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-06 16:20:13 -------- d-----w- C:\Program Files\iPod
2012-08-06 16:20:11 -------- d-----w- C:\Program Files\iTunes
2012-08-06 16:20:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-06 16:13:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-15 07:02:16 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 19:42:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 19:42:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 18:58:46 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-06-25 18:58:44 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2012-06-24 17:05:38 96784 ----a-w- C:\Windows\SysWow64\packet.dll
2012-06-24 17:05:38 369168 ----a-w- C:\Windows\System32\wpcap.dll
2012-06-24 17:05:38 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-06-24 17:05:38 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2012-06-24 17:05:38 106000 ----a-w- C:\Windows\System32\packet.dll
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2009-02-17 14:59:52 282624 ----a-w- C:\Program Files\MediaImpression.exe
2008-12-31 13:27:48 790528 ----a-w- C:\Program Files\RctBrowser.dll
2008-12-29 22:11:06 360448 ----a-w- C:\Program Files\PhotoViewer.exe
2008-12-29 17:48:30 184320 ----a-w- C:\Program Files\MIDownload.exe
2008-12-11 14:34:04 154112 ----a-w- C:\Program Files\CheckUpdate.exe
2008-12-08 17:21:40 227944 ----a-w- C:\Program Files\CheckUpdate.dll
2008-11-24 22:35:34 135168 ----a-w- C:\Program Files\OPRUpgrade.exe
2008-11-24 22:28:22 28672 ----a-w- C:\Program Files\ShadowWndDll.dll
2008-11-24 22:27:52 40960 ----a-w- C:\Program Files\USBStorageManager.dll
2008-11-24 22:27:38 86016 ----a-w- C:\Program Files\MIMenu.dll
2008-11-24 22:23:24 57344 ----a-w- C:\Program Files\uMyExtrasCtrl.dll
2008-11-24 22:18:24 159744 ----a-w- C:\Program Files\uPI6CommonDll.dll
2008-11-04 21:17:22 319488 ----a-w- C:\Program Files\OPHistory.exe
2008-09-27 20:14:42 487424 ----a-w- C:\Program Files\OPRCommon.dll
2008-09-24 13:51:16 36864 ----a-w- C:\Program Files\HttpAgent.dll
2008-09-05 20:01:20 86016 ----a-w- C:\Program Files\MagUIInter.dll
2008-09-04 14:11:32 104960 ----a-w- C:\Program Files\MagUIImage.dll
2008-09-04 14:11:30 268800 ----a-w- C:\Program Files\MagUIEngine.dll
2008-09-04 14:11:28 59904 ----a-w- C:\Program Files\MagPCMac.dll
2008-09-04 14:11:26 55808 ----a-w- C:\Program Files\MagicFrame.dll
2008-09-04 14:11:24 35328 ----a-w- C:\Program Files\MagCore.dll
2008-09-03 21:20:50 59904 ----a-w- C:\Program Files\TETransUtility.dll
2008-09-03 21:20:48 113152 ----a-w- C:\Program Files\TETextEngine.dll
2008-09-03 21:20:46 178688 ----a-w- C:\Program Files\TECharEngine.dll
2008-08-01 18:31:00 223744 ----a-w- C:\Program Files\MIArcCon.dll
2008-06-26 18:50:40 756224 ----a-w- C:\Program Files\ToolsCtrl.dll
2008-06-26 18:49:20 125440 ----a-w- C:\Program Files\magPltfm.dll
2008-06-26 18:48:10 866816 ----a-w- C:\Program Files\RawEngine.dll
2008-06-26 18:48:08 727552 ----a-w- C:\Program Files\X3FSDK.dll
2008-06-26 18:48:06 158208 ----a-w- C:\Program Files\magFileIO.dll
2008-06-26 18:48:04 436736 ----a-w- C:\Program Files\magFpxio.dll
2008-06-26 18:47:02 350720 ----a-w- C:\Program Files\magTools.dll
2008-06-26 18:46:56 84480 ----a-w- C:\Program Files\ImgCtrl.dll
2008-06-26 18:46:54 350720 ----a-w- C:\Program Files\magengin.dll
2008-04-18 21:28:54 299008 ----a-w- C:\Program Files\RctXMLBase.dll
2008-04-16 20:39:54 78136 ----a-w- C:\Program Files\MagAppFramework.dll
2008-03-25 19:43:02 135168 ----a-w- C:\Program Files\uArcPrintManager.dll
2007-05-24 14:08:28 97024 ----a-w- C:\Program Files\MediaImpressionUpdate.exe
2007-05-24 14:04:02 60160 ----a-w- C:\Program Files\MsgDll.dll
2007-05-24 14:03:54 31488 ----a-w- C:\Program Files\MediaImpressionRes.dll
2007-01-09 18:58:00 167936 ----a-w- C:\Program Files\dtype32.dll
2007-01-09 18:58:00 155648 ----a-w- C:\Program Files\dtype32x.dll
2006-11-09 15:07:24 150272 ----a-w- C:\Program Files\AglSwf.dll
2006-11-08 21:12:46 64256 ----a-w- C:\Program Files\kglu.dll
2006-11-08 21:12:44 256768 ----a-w- C:\Program Files\kgl.dll
2006-11-08 18:54:14 895744 ----a-w- C:\Program Files\uEzDll.dll
2006-10-14 20:13:26 981760 ----a-w- C:\Program Files\mfc42u.dll
2006-09-22 14:17:30 221184 ----a-w- C:\Program Files\Res_Dll.dll
2006-01-24 14:20:00 1645320 ----a-w- C:\Program Files\gdiplus.dll
2005-06-21 14:29:00 245408 ----a-w- C:\Program Files\unicows.dll
2005-05-27 19:09:00 1024082 ----a-w- C:\Program Files\MFC42LU.DLL
2005-05-27 18:58:00 393216 ----a-w- C:\Program Files\MSLUP60.dll
2005-05-27 18:58:00 249856 ----a-w- C:\Program Files\MSLURT.dll
2005-04-14 04:05:56 81920 ----a-w- C:\Program Files\PICSDK3.dll
2004-08-17 16:00:00 413696 ----a-w- C:\Program Files\msvcp60.dll
2004-03-03 04:10:00 483328 ----a-w- C:\Program Files\PICSDK.dll
.
============= FINISH: 14:37:09.28 ===============

Attached Files
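A triage helper for the "Running Processes" section of the DDS log above, added here as an example; it is not part of this thread, of DDS, or of any tool the helpers use. DDS prints each section under a banner of equals signs, so the script splits the log on those banners and then checks every svchost.exe entry against two expectations: the image lives under \Windows\System32, and the -k service group is one seen on a known-good host. The baseline group list is constructed from the System32 svchost entries in the poster's own log; on a real case it should come from a clean machine of the same Windows version. A flag means "review this entry first", not "this is malware": the poster's "svchost.exe *32" is a 32-bit svchost, which on x64 runs from SysWOW64, and a legitimate 32-bit service can do that too. The sample input is a subset of the process list in the log above.

```python
"""Triage the 'Running Processes' section of a DDS log for svchost.exe oddities.

Added example for this thread; it is not part of DDS, BleepingComputer, or the
poster's own files. It flags svchost.exe entries whose image is not under
\\Windows\\System32 or whose -k service group is not in a baseline set, so a
responder can review those entries first.
"""
import re
from dataclasses import dataclass, field

# DDS section banners look like: "============== Running Processes ==============="
SECTION_HEADER = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# "C:\Windows\system32\svchost.exe -k netsvcs", or the same with the image quoted.
SVCHOST_LINE = re.compile(
    r'^"?(?P<image>[^"]*?\\svchost\.exe)"?(?:\s+-k\s+(?P<group>\S+))?\s*$',
    re.IGNORECASE,
)

# Constructed baseline: the -k groups used by the System32 svchost entries in the
# poster's log. For real work, collect this from a known-clean host instead.
BASELINE_GROUPS = {
    g.lower()
    for g in (
        "DcomLaunch", "rpcss", "LocalServiceNetworkRestricted",
        "LocalSystemNetworkRestricted", "netsvcs", "GPSvcGroup", "LocalService",
        "NetworkService", "LocalServiceNoNetwork", "NetworkServiceNetworkRestricted",
        "imgsvc", "WerSvcGroup", "LocalServiceAndNoImpersonation",
    )
}


@dataclass
class Finding:
    line: str                      # the DDS line exactly as logged
    reasons: list = field(default_factory=list)


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def triage_svchost(process_lines, system_root=r"C:\Windows", baseline=BASELINE_GROUPS):
    """Return a Finding for each svchost.exe line that deviates from the baseline."""
    expected_dir = (system_root + r"\System32").lower()
    findings = []
    for line in process_lines:
        m = SVCHOST_LINE.match(line)
        if not m:
            continue                    # not an svchost.exe entry
        reasons = []
        image_dir = m.group("image").rsplit("\\", 1)[0].lower()
        if image_dir != expected_dir:
            reasons.append(f"image directory {image_dir!r} is not System32")
        group = m.group("group")
        if group is None:
            reasons.append("no -k service group on the command line")
        elif group.lower() not in baseline:
            reasons.append(f"service group {group!r} not in baseline")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def triage_dds(text):
    """Parse a whole DDS log and triage its 'Running Processes' section."""
    return triage_svchost(parse_sections(text).get("Running Processes", []))


# Constructed sample: a subset of the process list from the poster's second DDS log.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, the only entry reported is the quoted SysWOW64 svchost, for two reasons: its directory is not System32 and LocalServiceDns is not in the constructed baseline. Whether that entry is benign is a question for the helper reviewing the full log; the script only orders the work.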



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 PM

Posted 14 August 2012 - 12:45 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 elayna_j

elayna_j
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:24 PM

Posted 14 August 2012 - 02:55 PM

Gringo,
Thanks for taking the time to help me. :) I really appreciate it!

Here is the log generated by Security Check:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor 9.0
Java™ 6 Update 29
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

After running Security Check, I downloaded Combofix, disabled realtime on ESET, and ran Combofix as instructed.
Here is the log from that:

ComboFix 12-08-14.03 - Elayna 08/14/2012 14:55:49.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6108.3019 [GMT -4:00]
Running from: c:\users\Elayna\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\RemoveSGP.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 19:08 . 2012-08-14 19:13 -------- d-----w- c:\users\Elayna\AppData\Local\temp
2012-08-14 19:08 . 2012-08-14 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 19:07 . 2012-08-14 19:07 -------- d-----w- c:\users\Stonewall Jackson\AppData\Local\temp
2012-08-14 19:07 . 2012-08-14 19:07 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-08-06 16:20 . 2012-08-06 16:20 -------- d-----w- c:\program files\iPod
2012-08-06 16:20 . 2012-08-06 16:21 -------- d-----w- c:\program files\iTunes
2012-08-06 16:20 . 2012-08-06 16:21 -------- d-----w- c:\program files (x86)\iTunes
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-06 16:13 . 2012-08-06 16:13 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 19:42 . 2012-04-21 00:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 19:42 . 2011-12-11 20:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 07:03 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-25 18:58 . 2012-06-28 22:07 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 18:58 . 2012-06-28 22:07 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-24 17:05 . 2012-06-24 17:05 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-06-24 17:05 . 2012-06-24 17:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-06-24 17:05 . 2012-06-24 17:05 106000 ----a-w- c:\windows\system32\packet.dll
2012-06-13 13:58 . 2012-07-15 07:02 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 09:48 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 09:49 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 09:49 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 09:49 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 09:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 09:49 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 12:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:47 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 12:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 12:47 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 12:47 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 12:47 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 12:47 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 09:49 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 09:49 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 09:49 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 09:49 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 09:49 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2009-02-17 14:59 . 2011-10-18 19:23 282624 ----a-w- c:\program files\MediaImpression.exe
2008-12-31 13:27 . 2011-10-18 19:23 790528 ----a-w- c:\program files\RctBrowser.dll
2008-12-29 22:11 . 2011-10-18 19:23 360448 ----a-w- c:\program files\PhotoViewer.exe
2008-12-29 17:48 . 2011-10-18 19:23 184320 ----a-w- c:\program files\MIDownload.exe
2008-12-11 14:34 . 2011-10-18 19:23 154112 ----a-w- c:\program files\CheckUpdate.exe
2008-12-08 17:21 . 2011-10-18 19:24 227944 ----a-w- c:\program files\CheckUpdate.dll
2008-11-24 22:35 . 2011-10-18 19:23 135168 ----a-w- c:\program files\OPRUpgrade.exe
2008-11-24 22:28 . 2011-10-18 19:23 28672 ----a-w- c:\program files\ShadowWndDll.dll
2008-11-24 22:27 . 2011-10-18 19:23 40960 ----a-w- c:\program files\USBStorageManager.dll
2008-11-24 22:27 . 2011-10-18 19:23 86016 ----a-w- c:\program files\MIMenu.dll
2008-11-24 22:23 . 2011-10-18 19:23 57344 ----a-w- c:\program files\uMyExtrasCtrl.dll
2008-11-24 22:18 . 2011-10-18 19:23 159744 ----a-w- c:\program files\uPI6CommonDll.dll
2008-11-04 21:17 . 2011-10-18 19:23 319488 ----a-w- c:\program files\OPHistory.exe
2008-09-27 20:14 . 2011-10-18 19:23 487424 ----a-w- c:\program files\OPRCommon.dll
2008-09-24 13:51 . 2011-10-18 19:23 36864 ----a-w- c:\program files\HttpAgent.dll
2008-09-05 20:01 . 2011-10-18 19:23 86016 ----a-w- c:\program files\MagUIInter.dll
2008-09-04 14:11 . 2011-10-18 19:23 104960 ----a-w- c:\program files\MagUIImage.dll
2008-09-04 14:11 . 2011-10-18 19:23 268800 ----a-w- c:\program files\MagUIEngine.dll
2008-09-04 14:11 . 2011-10-18 19:23 59904 ----a-w- c:\program files\MagPCMac.dll
2008-09-04 14:11 . 2011-10-18 19:23 55808 ----a-w- c:\program files\MagicFrame.dll
2008-09-04 14:11 . 2011-10-18 19:23 35328 ----a-w- c:\program files\MagCore.dll
2008-09-03 21:20 . 2011-10-18 19:23 59904 ----a-w- c:\program files\TETransUtility.dll
2008-09-03 21:20 . 2011-10-18 19:23 113152 ----a-w- c:\program files\TETextEngine.dll
2008-09-03 21:20 . 2011-10-18 19:23 178688 ----a-w- c:\program files\TECharEngine.dll
2008-08-01 18:31 . 2011-10-18 19:23 223744 ----a-w- c:\program files\MIArcCon.dll
2008-06-26 18:50 . 2011-10-18 19:23 756224 ----a-w- c:\program files\ToolsCtrl.dll
2008-06-26 18:49 . 2011-10-18 19:23 125440 ----a-w- c:\program files\magPltfm.dll
2008-06-26 18:48 . 2011-10-18 19:23 866816 ----a-w- c:\program files\RawEngine.dll
2008-06-26 18:48 . 2011-10-18 19:23 727552 ----a-w- c:\program files\X3FSDK.dll
2008-06-26 18:48 . 2011-10-18 19:23 158208 ----a-w- c:\program files\magFileIO.dll
2008-06-26 18:48 . 2011-10-18 19:23 436736 ----a-w- c:\program files\magFpxio.dll
2008-06-26 18:47 . 2011-10-18 19:23 350720 ----a-w- c:\program files\magTools.dll
2008-06-26 18:46 . 2011-10-18 19:23 84480 ----a-w- c:\program files\ImgCtrl.dll
2008-06-26 18:46 . 2011-10-18 19:23 350720 ----a-w- c:\program files\magengin.dll
2008-04-18 21:28 . 2011-10-18 19:23 299008 ----a-w- c:\program files\RctXMLBase.dll
2008-04-16 20:39 . 2011-10-18 19:23 78136 ----a-w- c:\program files\MagAppFramework.dll
2008-03-25 19:43 . 2011-10-18 19:23 135168 ----a-w- c:\program files\uArcPrintManager.dll
2007-05-24 14:08 . 2011-10-18 19:23 97024 ----a-w- c:\program files\MediaImpressionUpdate.exe
2007-05-24 14:04 . 2011-10-18 19:23 60160 ----a-w- c:\program files\MsgDll.dll
2007-05-24 14:03 . 2011-10-18 19:23 31488 ----a-w- c:\program files\MediaImpressionRes.dll
2007-01-09 18:58 . 2011-10-18 19:23 167936 ----a-w- c:\program files\dtype32.dll
2007-01-09 18:58 . 2011-10-18 19:23 155648 ----a-w- c:\program files\dtype32x.dll
2006-11-09 15:07 . 2011-10-18 19:23 150272 ----a-w- c:\program files\AglSwf.dll
2006-11-08 21:12 . 2011-10-18 19:23 64256 ----a-w- c:\program files\kglu.dll
2006-11-08 21:12 . 2011-10-18 19:23 256768 ----a-w- c:\program files\kgl.dll
2006-11-08 18:54 . 2011-10-18 19:23 895744 ----a-w- c:\program files\uEzDll.dll
2006-10-14 20:13 . 2011-10-18 19:23 981760 ----a-w- c:\program files\mfc42u.dll
2006-09-22 14:17 . 2011-10-18 19:23 221184 ----a-w- c:\program files\Res_Dll.dll
2006-01-24 14:20 . 2011-10-18 19:23 1645320 ----a-w- c:\program files\gdiplus.dll
2005-06-21 14:29 . 2011-10-18 19:23 245408 ----a-w- c:\program files\unicows.dll
2005-05-27 19:09 . 2011-10-18 19:23 1024082 ----a-w- c:\program files\MFC42LU.DLL
2005-05-27 18:58 . 2011-10-18 19:23 393216 ----a-w- c:\program files\MSLUP60.dll
2005-05-27 18:58 . 2011-10-18 19:23 249856 ----a-w- c:\program files\MSLURT.dll
2005-04-14 04:05 . 2011-10-18 19:23 81920 ----a-w- c:\program files\PICSDK3.dll
2004-08-17 16:00 . 2011-10-18 19:23 413696 ----a-w- c:\program files\msvcp60.dll
2004-03-03 04:10 . 2011-10-18 19:23 483328 ----a-w- c:\program files\PICSDK.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 39408]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-01-08 963072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Stonewall Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Elayna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2008-12-16 221247]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*Deregistered* - PCTSDInjDriver64
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:42]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 21:30]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 21:30]
.
2012-08-14 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-12-05 11:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF15873.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Skytel - Skytel.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2012-08-14 15:21:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 19:21
.
Pre-Run: 339,183,296,512 bytes free
Post-Run: 339,356,823,552 bytes free
.
- - End Of File - - 83D2F9CC1DFA1E4E2EAED9D1E0294E0F

There were no problems during this step, except for one. After rebooting, an error message popped up - "C:\\Windows\system32\GfxUI.exe 'a device attached to the system is not functioning'"

I have been using the PC now for about a half hour and the delete/quarantine notifications from ESET have stopped, svchost.exe *32 is no longer being a hog - or even running, for that matter, and there are no other warnings, freezing, or perceptible failures. Everything seems to be normal. :)
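A small triage helper for the "Reg Loading Points" section of a ComboFix log like the one posted above, added here as an example (it is not part of the original post and not ComboFix's own code). The excerpt inside it is constructed from entries in that log, and the trusted-directory prefixes, the list of expected extensions and the flag wording are my own assumptions.

```python
"""Parse Run-key entries from a ComboFix "Reg Loading Points" section and
flag the ones a reviewer would want to look at first."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format ComboFix uses for its Run keys (modeled on
# the log above; not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF15873.3XE" [2008-01-21 363008]
"""

# A key header line: [HKEY_...]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# A value line: "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$'
)

# Assumed "normal" locations for autorun binaries on this Vista x64 box.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Assumed set of extensions one expects in a Run value.
COMMON_EXTENSIONS = {".exe", ".dll", ".cpl"}


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int
    flags: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Return RunEntry objects for every value found under a ...\\Run key."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(RunEntry(key=current_key, name=m["name"], path=m["path"],
                                    date=m["date"], size=int(m["size"])))
    return entries


def flag_entry(entry):
    """Heuristics a reviewer applies by eye; returns a list of reasons."""
    flags = []
    path = entry.path.lower()
    if "\\" not in path:
        # No directory at all: Windows resolves it through the search path at logon.
        flags.append("bare filename: resolved through the search path at logon")
    elif not path.startswith(TRUSTED_PREFIXES):
        flags.append("outside Program Files / Windows")
    ext = ntpath.splitext(path)[1]
    if ext not in COMMON_EXTENSIONS:
        # In the log above this fires on ComboFix's own temporary CF*.3XE entry,
        # which the helper knows to expect; anything else with an odd extension
        # deserves a second look.
        flags.append(f"unusual extension {ext or '(none)'}")
    return flags


def triage(log_text):
    """Map each Run-value name to its flags (an empty list means nothing flagged)."""
    result = {}
    for entry in parse_run_entries(log_text):
        entry.flags = flag_entry(entry)
        result[entry.name] = entry.flags
    return result


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:12s} {'; '.join(flags) or 'no flags'}")
```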

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 PM

Posted 14 August 2012 - 07:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 elayna_j

elayna_j
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:24 PM

Posted 15 August 2012 - 02:10 PM

Gringo,
Here is the log from TDSSKiller:



14:40:17.0263 5564 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:40:17.0601 5564 ============================================================
14:40:17.0601 5564 Current date / time: 2012/08/15 14:40:17.0601
14:40:17.0601 5564 SystemInfo:
14:40:17.0601 5564
14:40:17.0601 5564 OS Version: 6.0.6002 ServicePack: 2.0
14:40:17.0601 5564 Product type: Workstation
14:40:17.0601 5564 ComputerName: STONEWALL-PC
14:40:17.0601 5564 UserName: Elayna
14:40:17.0601 5564 Windows directory: C:\Windows
14:40:17.0601 5564 System windows directory: C:\Windows
14:40:17.0601 5564 Running under WOW64
14:40:17.0601 5564 Processor architecture: Intel x64
14:40:17.0601 5564 Number of processors: 4
14:40:17.0601 5564 Page size: 0x1000
14:40:17.0601 5564 Boot type: Normal boot
14:40:17.0601 5564 ============================================================
14:40:18.0774 5564 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:40:18.0780 5564 ============================================================
14:40:18.0780 5564 \Device\Harddisk0\DR0:
14:40:18.0780 5564 MBR partitions:
14:40:18.0780 5564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
14:40:18.0780 5564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x3856D800
14:40:18.0780 5564 ============================================================
14:40:18.0805 5564 C: <-> \Device\Harddisk0\DR0\Partition2
14:40:18.0834 5564 D: <-> \Device\Harddisk0\DR0\Partition1
14:40:18.0834 5564 ============================================================
14:40:18.0834 5564 Initialize success
14:40:18.0834 5564 ============================================================
14:41:06.0363 1052 ============================================================
14:41:06.0363 1052 Scan started
14:41:06.0363 1052 Mode: Manual;
14:41:06.0363 1052 ============================================================
14:41:07.0216 1052 ================ Scan services =============================
14:41:07.0408 1052 [ adc420616c501b45d26c0fd3ef1e54e4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:41:07.0410 1052 ACDaemon - ok
14:41:07.0549 1052 [ 1965aaffab07e3fb03c77f81beba3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:41:07.0553 1052 ACPI - ok
14:41:07.0674 1052 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:41:07.0677 1052 AdobeFlashPlayerUpdateSvc - ok
14:41:07.0718 1052 [ f14215e37cf124104575073f782111d2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:41:07.0735 1052 adp94xx - ok
14:41:07.0748 1052 [ 7d05a75e3066861a6610f7ee04ff085c ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:41:07.0754 1052 adpahci - ok
14:41:07.0805 1052 [ 820a201fe08a0c345b3bedbc30e1a77c ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:41:07.0808 1052 adpu160m - ok
14:41:07.0822 1052 [ 9b4ab6854559dc168fbb4c24fc52e794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:41:07.0827 1052 adpu320 - ok
14:41:07.0877 1052 [ 0f421175574bfe0bf2f4d8e910a253bb ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:41:07.0878 1052 AeLookupSvc - ok
14:41:07.0937 1052 [ 0d7a11395c0a33d9e7587cdb9866efad ] AERTFilters C:\Windows\system32\AERTSr64.exe
14:41:07.0938 1052 AERTFilters - ok
14:41:07.0995 1052 [ c4f6ce6087760ad70960c9eb130e7943 ] AFD C:\Windows\system32\drivers\afd.sys
14:41:07.0999 1052 AFD - ok
14:41:08.0049 1052 [ f6f6793b7f17b550ecfdbd3b229173f7 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:41:08.0051 1052 agp440 - ok
14:41:08.0066 1052 [ 222cb641b4b8a1d1126f8033f9fd6a00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:41:08.0068 1052 aic78xx - ok
14:41:08.0086 1052 [ 5922f4f59b7868f3d74bbbbeb7b825a3 ] ALG C:\Windows\System32\alg.exe
14:41:08.0089 1052 ALG - ok
14:41:08.0104 1052 [ 9544c2c55541c0c6bfd7b489d0e7d430 ] aliide C:\Windows\system32\drivers\aliide.sys
14:41:08.0106 1052 aliide - ok
14:41:08.0117 1052 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
14:41:08.0118 1052 amdide - ok
14:41:08.0134 1052 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:41:08.0136 1052 AmdK8 - ok
14:41:08.0222 1052 [ dc45ab27932447b598848b10650313c5 ] APC UPS Service C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
14:41:08.0224 1052 APC UPS Service - ok
14:41:08.0296 1052 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
14:41:08.0297 1052 Appinfo - ok
14:41:08.0408 1052 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:41:08.0409 1052 Apple Mobile Device - ok
14:41:08.0471 1052 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
14:41:08.0473 1052 arc - ok
14:41:08.0486 1052 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:41:08.0488 1052 arcsas - ok
14:41:08.0541 1052 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:41:08.0542 1052 AsyncMac - ok
14:41:08.0565 1052 [ e68d9b3a3905619732f7fe039466a623 ] atapi C:\Windows\system32\drivers\atapi.sys
14:41:08.0566 1052 atapi - ok
14:41:08.0619 1052 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:41:08.0623 1052 AudioEndpointBuilder - ok
14:41:08.0635 1052 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:41:08.0639 1052 AudioSrv - ok
14:41:08.0743 1052 [ 825f81a6f7dd073509db101f0ba6dc59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:41:08.0747 1052 BBSvc - ok
14:41:08.0779 1052 Beep - ok
14:41:08.0860 1052 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
14:41:08.0865 1052 BFE - ok
14:41:08.0938 1052 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\system32\qmgr.dll
14:41:08.0948 1052 BITS - ok
14:41:08.0983 1052 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:41:08.0985 1052 blbdrive - ok
14:41:09.0072 1052 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:41:09.0076 1052 Bonjour Service - ok
14:41:09.0126 1052 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:41:09.0127 1052 bowser - ok
14:41:09.0171 1052 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:41:09.0172 1052 BrFiltLo - ok
14:41:09.0180 1052 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:41:09.0182 1052 BrFiltUp - ok
14:41:09.0205 1052 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
14:41:09.0207 1052 Browser - ok
14:41:09.0341 1052 [ 7229b58039d5a9338ad633e8ab60619c ] Browser Defender Update Service C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
14:41:09.0346 1052 Browser Defender Update Service - ok
14:41:09.0394 1052 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
14:41:09.0396 1052 Brserid - ok
14:41:09.0413 1052 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:41:09.0415 1052 BrSerWdm - ok
14:41:09.0431 1052 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:41:09.0433 1052 BrUsbMdm - ok
14:41:09.0445 1052 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:41:09.0446 1052 BrUsbSer - ok
14:41:09.0494 1052 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:41:09.0495 1052 BTHMODEM - ok
14:41:09.0549 1052 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:41:09.0550 1052 cdfs - ok
14:41:09.0612 1052 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:41:09.0614 1052 cdrom - ok
14:41:09.0749 1052 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
14:41:09.0750 1052 CertPropSvc - ok
14:41:09.0767 1052 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\drivers\circlass.sys
14:41:09.0769 1052 circlass - ok
14:41:09.0824 1052 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
14:41:09.0828 1052 CLFS - ok
14:41:09.0932 1052 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:41:09.0934 1052 clr_optimization_v2.0.50727_32 - ok
14:41:10.0000 1052 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:41:10.0003 1052 clr_optimization_v2.0.50727_64 - ok
14:41:10.0073 1052 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:41:10.0075 1052 clr_optimization_v4.0.30319_32 - ok
14:41:10.0145 1052 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:41:10.0148 1052 clr_optimization_v4.0.30319_64 - ok
14:41:10.0167 1052 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:41:10.0169 1052 cmdide - ok
14:41:10.0185 1052 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:41:10.0186 1052 Compbatt - ok
14:41:10.0194 1052 COMSysApp - ok
14:41:10.0202 1052 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:41:10.0203 1052 crcdisk - ok
14:41:10.0268 1052 [ 62740b9d2a137e8ced41a9e4239a7a31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:41:10.0270 1052 CryptSvc - ok
14:41:10.0328 1052 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
14:41:10.0335 1052 DcomLaunch - ok
14:41:10.0393 1052 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:41:10.0395 1052 DfsC - ok
14:41:10.0526 1052 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
14:41:10.0584 1052 DFSR - ok
14:41:10.0656 1052 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:41:10.0658 1052 Dhcp - ok
14:41:10.0723 1052 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
14:41:10.0725 1052 disk - ok
14:41:10.0776 1052 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:41:10.0778 1052 Dnscache - ok
14:41:10.0860 1052 [ db29915209770d8b59654345ec2d943a ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
14:41:10.0862 1052 DockLoginService - ok
14:41:10.0921 1052 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
14:41:10.0925 1052 dot3svc - ok
14:41:10.0978 1052 [ 74c02b1717740c3b8039539e23e4b53f ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:41:10.0980 1052 Dot4 - ok
14:41:11.0035 1052 [ 08321d1860235bf42cf2854234337aea ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:41:11.0035 1052 Dot4Print - ok
14:41:11.0084 1052 [ 4adccf0124f2b6911d3786a5d0e779e5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:41:11.0085 1052 dot4usb - ok
14:41:11.0142 1052 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
14:41:11.0144 1052 DPS - ok
14:41:11.0205 1052 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:41:11.0207 1052 drmkaud - ok
14:41:11.0275 1052 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:41:11.0282 1052 DXGKrnl - ok
14:41:11.0363 1052 [ 17d40652ef3e55eeae187a89df40965a ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
14:41:11.0369 1052 e1express - ok
14:41:11.0418 1052 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
14:41:11.0422 1052 E1G60 - ok
14:41:11.0488 1052 [ 13533557d01b88c83110d5cf749f14d7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
14:41:11.0491 1052 eamonm - ok
14:41:11.0506 1052 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
14:41:11.0508 1052 EapHost - ok
14:41:11.0562 1052 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
14:41:11.0564 1052 Ecache - ok
14:41:11.0640 1052 [ e097728129e7b79bf1089d7aef42332b ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
14:41:11.0642 1052 ehdrv - ok
14:41:11.0687 1052 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:41:11.0693 1052 ehRecvr - ok
14:41:11.0704 1052 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
14:41:11.0707 1052 ehSched - ok
14:41:11.0755 1052 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
14:41:11.0756 1052 ehstart - ok
14:41:11.0859 1052 [ 0a38bd2c9589910c634b10e644d5759c ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
14:41:11.0861 1052 EhttpSrv - ok
14:41:11.0913 1052 [ c7bb95cf9631aa401e4aded1648f6af7 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
14:41:11.0921 1052 ekrn - ok
14:41:11.0961 1052 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:41:11.0968 1052 elxstor - ok
14:41:12.0020 1052 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:41:12.0023 1052 EMDMgmt - ok
14:41:12.0090 1052 [ 198c6fbc30bbd9632ea051203dccf204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
14:41:12.0092 1052 epfw - ok
14:41:12.0134 1052 [ 56de463f517710a8aa44eef82c35b3c9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
14:41:12.0136 1052 EpfwLWF - ok
14:41:12.0191 1052 [ 710b0442bb2f99278d7b8e02a8849c11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
14:41:12.0192 1052 epfwwfp - ok
14:41:12.0236 1052 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:41:12.0238 1052 ErrDev - ok
14:41:12.0288 1052 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
14:41:12.0292 1052 EventSystem - ok
14:41:12.0340 1052 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
14:41:12.0344 1052 exfat - ok
14:41:12.0387 1052 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:41:12.0389 1052 fastfat - ok
14:41:12.0402 1052 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:41:12.0404 1052 fdc - ok
14:41:12.0421 1052 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
14:41:12.0423 1052 fdPHost - ok
14:41:12.0464 1052 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
14:41:12.0466 1052 FDResPub - ok
14:41:12.0474 1052 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:41:12.0476 1052 FileInfo - ok
14:41:12.0493 1052 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:41:12.0494 1052 Filetrace - ok
14:41:12.0502 1052 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:41:12.0504 1052 flpydisk - ok
14:41:12.0553 1052 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:41:12.0556 1052 FltMgr - ok
14:41:12.0629 1052 [ be1c5bd1ca7ed015bc6fa1ae67e592c8 ] FontCache C:\Windows\system32\FntCache.dll
14:41:12.0639 1052 FontCache - ok
14:41:12.0726 1052 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:41:12.0728 1052 FontCache3.0.0.0 - ok
14:41:12.0770 1052 [ 5779b86cd8b32519fbecb136394d946a ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:41:12.0771 1052 Fs_Rec - ok
14:41:12.0785 1052 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:41:12.0788 1052 gagp30kx - ok
14:41:12.0879 1052 [ 23a13fce5480e0637b7514961b8cfe14 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
14:41:12.0884 1052 GameConsoleService - ok
14:41:12.0912 1052 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:41:12.0914 1052 GEARAspiWDM - ok
14:41:12.0974 1052 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
14:41:12.0981 1052 gpsvc - ok
14:41:13.0075 1052 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:41:13.0076 1052 gupdate - ok
14:41:13.0082 1052 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:41:13.0083 1052 gupdatem - ok
14:41:13.0147 1052 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:41:13.0149 1052 gusvc - ok
14:41:13.0210 1052 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:41:13.0218 1052 HDAudBus - ok
14:41:13.0243 1052 [ 68214c82fa6222591873677a72df2a66 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:41:13.0244 1052 HidBatt - ok
14:41:13.0256 1052 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:41:13.0258 1052 HidBth - ok
14:41:13.0271 1052 [ 4e77a77e2c986e8f88f996bb3e1ad829 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:41:13.0273 1052 HidIr - ok
14:41:13.0320 1052 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\System32\hidserv.dll
14:41:13.0321 1052 hidserv - ok
14:41:13.0346 1052 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:41:13.0347 1052 HidUsb - ok
14:41:13.0377 1052 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
14:41:13.0380 1052 hkmsvc - ok
14:41:13.0437 1052 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:41:13.0439 1052 HpCISSs - ok
14:41:13.0500 1052 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:41:13.0508 1052 HTTP - ok
14:41:13.0542 1052 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:41:13.0544 1052 i2omp - ok
14:41:13.0582 1052 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:41:13.0584 1052 i8042prt - ok
14:41:13.0637 1052 [ 07fb761600eff44af02c35b8b57e5863 ] iaStor C:\Windows\system32\drivers\iastor.sys
14:41:13.0644 1052 iaStor - ok
14:41:13.0688 1052 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:41:13.0693 1052 iaStorV - ok
14:41:13.0761 1052 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:41:13.0784 1052 idsvc - ok
14:41:14.0013 1052 [ 677aa5991026a65ada128c4b59cf2bad ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:41:14.0093 1052 igfx - ok
14:41:14.0111 1052 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:41:14.0113 1052 iirsp - ok
14:41:14.0163 1052 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
14:41:14.0167 1052 IKEEXT - ok
14:41:14.0222 1052 [ 0dd17d4b59d0ec40e3c86a505bb0b6dd ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:41:14.0249 1052 IntcAzAudAddService - ok
14:41:14.0283 1052 [ bd37227c07179b1040a8896b9c0c146b ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
14:41:14.0285 1052 IntcHdmiAddService - ok
14:41:14.0309 1052 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:41:14.0310 1052 intelide - ok
14:41:14.0318 1052 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:41:14.0320 1052 intelppm - ok
14:41:14.0345 1052 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:41:14.0347 1052 IPBusEnum - ok
14:41:14.0408 1052 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:41:14.0411 1052 IpFilterDriver - ok
14:41:14.0443 1052 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:41:14.0446 1052 iphlpsvc - ok
14:41:14.0450 1052 IpInIp - ok
14:41:14.0489 1052 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:41:14.0491 1052 IPMIDRV - ok
14:41:14.0521 1052 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:41:14.0524 1052 IPNAT - ok
14:41:14.0563 1052 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:41:14.0569 1052 iPod Service - ok
14:41:14.0605 1052 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:41:14.0607 1052 IRENUM - ok
14:41:14.0649 1052 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:41:14.0650 1052 isapnp - ok
14:41:14.0698 1052 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:41:14.0701 1052 iScsiPrt - ok
14:41:14.0719 1052 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:41:14.0721 1052 iteatapi - ok
14:41:14.0821 1052 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:41:14.0823 1052 iteraid - ok
14:41:14.0871 1052 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:41:14.0873 1052 kbdclass - ok
14:41:14.0915 1052 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:41:14.0916 1052 kbdhid - ok
14:41:14.0981 1052 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
14:41:14.0983 1052 KeyIso - ok
14:41:15.0096 1052 [ 88956ad9fa510848ad176777a6c6c1f5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:41:15.0100 1052 KSecDD - ok
14:41:15.0146 1052 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:41:15.0147 1052 ksthunk - ok
14:41:15.0210 1052 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
14:41:15.0213 1052 KtmRm - ok
14:41:15.0262 1052 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:41:15.0265 1052 LanmanServer - ok
14:41:15.0314 1052 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:41:15.0317 1052 LanmanWorkstation - ok
14:41:15.0329 1052 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:41:15.0330 1052 lltdio - ok
14:41:15.0364 1052 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:41:15.0370 1052 lltdsvc - ok
14:41:15.0396 1052 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:41:15.0398 1052 lmhosts - ok
14:41:15.0424 1052 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:41:15.0427 1052 LSI_FC - ok
14:41:15.0446 1052 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:41:15.0449 1052 LSI_SAS - ok
14:41:15.0468 1052 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:41:15.0471 1052 LSI_SCSI - ok
14:41:15.0507 1052 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
14:41:15.0509 1052 luafv - ok
14:41:15.0524 1052 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:41:15.0526 1052 Mcx2Svc - ok
14:41:15.0581 1052 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
14:41:15.0582 1052 megasas - ok
14:41:15.0634 1052 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:41:15.0641 1052 MegaSR - ok
14:41:15.0702 1052 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
14:41:15.0704 1052 MMCSS - ok
14:41:15.0718 1052 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
14:41:15.0720 1052 Modem - ok
14:41:15.0738 1052 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:41:15.0740 1052 monitor - ok
14:41:15.0752 1052 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:41:15.0754 1052 mouclass - ok
14:41:15.0797 1052 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:41:15.0798 1052 mouhid - ok
14:41:15.0804 1052 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:41:15.0806 1052 MountMgr - ok
14:41:15.0864 1052 [ f8276eb8698142884498a528dfea8478 ] mpio C:\Windows\system32\drivers\mpio.sys
14:41:15.0867 1052 mpio - ok
14:41:15.0885 1052 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:41:15.0887 1052 mpsdrv - ok
14:41:15.0942 1052 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
14:41:15.0948 1052 MpsSvc - ok
14:41:16.0005 1052 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:41:16.0007 1052 Mraid35x - ok
14:41:16.0051 1052 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:41:16.0052 1052 MRxDAV - ok
14:41:16.0099 1052 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:41:16.0101 1052 mrxsmb - ok
14:41:16.0135 1052 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:41:16.0138 1052 mrxsmb10 - ok
14:41:16.0144 1052 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:41:16.0146 1052 mrxsmb20 - ok
14:41:16.0162 1052 [ 730b784962d22d2c6481eae2370e7c8c ] msahci C:\Windows\system32\drivers\msahci.sys
14:41:16.0163 1052 msahci - ok
14:41:16.0199 1052 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:41:16.0202 1052 msdsm - ok
14:41:16.0218 1052 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
14:41:16.0222 1052 MSDTC - ok
14:41:16.0247 1052 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:41:16.0248 1052 Msfs - ok
14:41:16.0292 1052 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:41:16.0293 1052 msisadrv - ok
14:41:16.0338 1052 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:41:16.0342 1052 MSiSCSI - ok
14:41:16.0347 1052 msiserver - ok
14:41:16.0390 1052 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:41:16.0392 1052 MSKSSRV - ok
14:41:16.0405 1052 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:41:16.0407 1052 MSPCLOCK - ok
14:41:16.0421 1052 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:41:16.0423 1052 MSPQM - ok
14:41:16.0478 1052 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:41:16.0481 1052 MsRPC - ok
14:41:16.0539 1052 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:41:16.0540 1052 mssmbios - ok
14:41:16.0558 1052 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:41:16.0560 1052 MSTEE - ok
14:41:16.0566 1052 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
14:41:16.0567 1052 Mup - ok
14:41:16.0618 1052 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
14:41:16.0635 1052 napagent - ok
14:41:16.0706 1052 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:41:16.0708 1052 NativeWifiP - ok
14:41:16.0788 1052 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:41:16.0795 1052 NDIS - ok
14:41:16.0803 1052 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:41:16.0804 1052 NdisTapi - ok
14:41:16.0812 1052 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:41:16.0813 1052 Ndisuio - ok
14:41:16.0870 1052 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:41:16.0873 1052 NdisWan - ok
14:41:16.0882 1052 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:41:16.0883 1052 NDProxy - ok
14:41:16.0937 1052 [ 458a00528bf213a31f51896ec37b91f4 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:41:16.0939 1052 Net Driver HPZ12 - ok
14:41:16.0952 1052 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:41:16.0953 1052 NetBIOS - ok
14:41:16.0999 1052 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:41:17.0002 1052 netbt - ok
14:41:17.0089 1052 [ ea833758be56a68aabecd50e1ddcf4a3 ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
14:41:17.0102 1052 NETGEARGenieDaemon - ok
14:41:17.0107 1052 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
14:41:17.0108 1052 Netlogon - ok
14:41:17.0134 1052 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
14:41:17.0139 1052 Netman - ok
14:41:17.0155 1052 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
14:41:17.0159 1052 netprofm - ok
14:41:17.0198 1052 [ 74751dda198165947fd7454d83f49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:41:17.0201 1052 NetTcpPortSharing - ok
14:41:17.0230 1052 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:41:17.0232 1052 nfrd960 - ok
14:41:17.0292 1052 [ 42390431e604c9513d4f23fb7bdec334 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
14:41:17.0294 1052 NitroReaderDriverReadSpool2 - ok
14:41:17.0311 1052 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
14:41:17.0314 1052 NlaSvc - ok
14:41:17.0338 1052 [ 351533acc2a069b94e80bbfc177e8fdf ] NPF C:\Windows\system32\drivers\NPF.sys
14:41:17.0339 1052 NPF - ok
14:41:17.0396 1052 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:41:17.0397 1052 Npfs - ok
14:41:17.0410 1052 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
14:41:17.0412 1052 nsi - ok
14:41:17.0427 1052 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:41:17.0429 1052 nsiproxy - ok
14:41:17.0503 1052 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:41:17.0520 1052 Ntfs - ok
14:41:17.0526 1052 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
14:41:17.0528 1052 Null - ok
14:41:17.0561 1052 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:41:17.0564 1052 nvraid - ok
14:41:17.0585 1052 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:41:17.0588 1052 nvstor - ok
14:41:17.0606 1052 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:41:17.0609 1052 nv_agp - ok
14:41:17.0615 1052 NwlnkFlt - ok
14:41:17.0622 1052 NwlnkFwd - ok
14:41:17.0721 1052 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:41:17.0729 1052 odserv - ok
14:41:17.0796 1052 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:41:17.0797 1052 ohci1394 - ok
14:41:17.0854 1052 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:41:17.0857 1052 ose - ok
14:41:17.0925 1052 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:41:17.0950 1052 p2pimsvc - ok
14:41:18.0004 1052 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
14:41:18.0012 1052 p2psvc - ok
14:41:18.0038 1052 [ aecd57f94c887f58919f307c35498ea0 ] Parport C:\Windows\system32\drivers\parport.sys
14:41:18.0040 1052 Parport - ok
14:41:18.0092 1052 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:41:18.0093 1052 partmgr - ok
14:41:18.0108 1052 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
14:41:18.0111 1052 PcaSvc - ok
14:41:18.0159 1052 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
14:41:18.0161 1052 pci - ok
14:41:18.0222 1052 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
14:41:18.0223 1052 pciide - ok
14:41:18.0245 1052 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:41:18.0249 1052 pcmcia - ok
14:41:18.0293 1052 [ 8fe3547a6a4669817bd01abd46f0cee5 ] PCTBD C:\Windows\system32\Drivers\PCTBD64.sys
14:41:18.0296 1052 PCTBD - ok
14:41:18.0344 1052 [ 876fd95b7a3b7fe6179fbd16e7a6486c ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
14:41:18.0378 1052 PCTCore - ok
14:41:18.0434 1052 [ ba1f42a42f405f62ceff6b69a2797f7c ] pctDS C:\Windows\system32\drivers\pctDS64.sys
14:41:18.0467 1052 pctDS - ok
14:41:18.0543 1052 [ 814acba180fb7ad3856d5ccaa857c97d ] pctgntdi C:\Windows\System32\drivers\pctgntdi64.sys
14:41:18.0564 1052 pctgntdi - ok
14:41:18.0611 1052 [ abc87b90c4d20b0f76da00ff24b8826a ] pctplsg C:\Windows\System32\drivers\pctplsg64.sys
14:41:18.0614 1052 pctplsg - ok
14:41:18.0666 1052 [ 577f20ebf1e42bebb238e2412b99c7ee ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
14:41:18.0669 1052 PCTSD - ok
14:41:18.0693 1052 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:41:18.0698 1052 PEAUTH - ok
14:41:18.0793 1052 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:41:18.0795 1052 PerfHost - ok
14:41:18.0835 1052 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
14:41:18.0862 1052 pla - ok
14:41:18.0923 1052 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:41:18.0928 1052 PlugPlay - ok
14:41:18.0973 1052 [ bb3bf7b26daadcbab3ba90c4bcf9e73c ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:41:18.0975 1052 Pml Driver HPZ12 - ok
14:41:18.0999 1052 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:41:19.0006 1052 PNRPAutoReg - ok
14:41:19.0032 1052 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:41:19.0039 1052 PNRPsvc - ok
14:41:19.0100 1052 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:41:19.0105 1052 PolicyAgent - ok
14:41:19.0160 1052 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:41:19.0162 1052 PptpMiniport - ok
14:41:19.0195 1052 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
14:41:19.0197 1052 Processor - ok
14:41:19.0249 1052 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
14:41:19.0253 1052 ProfSvc - ok
14:41:19.0264 1052 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
14:41:19.0266 1052 ProtectedStorage - ok
14:41:19.0311 1052 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:41:19.0312 1052 PSched - ok
14:41:19.0382 1052 [ aed797cca02783296c68aa10d0cff8a9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:41:19.0383 1052 PxHlpa64 - ok
14:41:19.0449 1052 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:41:19.0483 1052 ql2300 - ok
14:41:19.0529 1052 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:41:19.0531 1052 ql40xx - ok
14:41:19.0579 1052 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
14:41:19.0584 1052 QWAVE - ok
14:41:19.0598 1052 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:41:19.0600 1052 QWAVEdrv - ok
14:41:19.0696 1052 [ 2a09a6b271d1f50adf5e33b37d460de6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
14:41:19.0780 1052 R300 - ok
14:41:19.0796 1052 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:41:19.0797 1052 RasAcd - ok
14:41:19.0813 1052 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:41:19.0817 1052 RasAuto - ok
14:41:19.0858 1052 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:41:19.0859 1052 Rasl2tp - ok
14:41:19.0876 1052 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
14:41:19.0880 1052 RasMan - ok
14:41:19.0938 1052 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:41:19.0939 1052 RasPppoe - ok
14:41:19.0979 1052 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:41:19.0981 1052 RasSstp - ok
14:41:20.0027 1052 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:41:20.0030 1052 rdbss - ok
14:41:20.0036 1052 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:41:20.0037 1052 RDPCDD - ok
14:41:20.0060 1052 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:41:20.0066 1052 rdpdr - ok
14:41:20.0072 1052 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:41:20.0073 1052 RDPENCDD - ok
14:41:20.0172 1052 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:41:20.0220 1052 RDPWD - ok
14:41:20.0253 1052 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:41:20.0298 1052 RemoteAccess - ok
14:41:20.0372 1052 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:41:20.0377 1052 RemoteRegistry - ok
14:41:20.0492 1052 [ 05fc44d32a144925eae45570029fd6e1 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:41:20.0517 1052 RoxMediaDB10 - ok
14:41:20.0563 1052 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
14:41:20.0565 1052 RpcLocator - ok
14:41:20.0620 1052 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
14:41:20.0627 1052 RpcSs - ok
14:41:20.0637 1052 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:41:20.0639 1052 rspndr - ok
14:41:20.0694 1052 [ f49d8df8895d809cb0a4deb44113de6f ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
14:41:20.0696 1052 RTL8169 - ok
14:41:20.0761 1052 [ 5532c4bf15173270757a75b46baeb960 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
14:41:20.0762 1052 RtNdPt60 - ok
14:41:20.0767 1052 RxFilter - ok
14:41:20.0806 1052 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
14:41:20.0807 1052 SamSs - ok
14:41:20.0827 1052 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:41:20.0829 1052 sbp2port - ok
14:41:20.0853 1052 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:41:20.0857 1052 SCardSvr - ok
14:41:20.0915 1052 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
14:41:20.0924 1052 Schedule - ok
14:41:20.0939 1052 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:41:20.0941 1052 SCPolicySvc - ok
14:41:21.0031 1052 [ 17d6a03103586d7954ba74c2219ce1bb ] sdAuxService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
14:41:21.0036 1052 sdAuxService - ok
14:41:21.0106 1052 [ 44323c0bcbffa66a7a90e93f5d027999 ] sdCoreService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
14:41:21.0118 1052 sdCoreService - ok
14:41:21.0155 1052 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:41:21.0158 1052 SDRSVC - ok
14:41:21.0242 1052 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:41:21.0245 1052 SeaPort - ok
14:41:21.0251 1052 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:41:21.0252 1052 secdrv - ok
14:41:21.0269 1052 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
14:41:21.0272 1052 seclogon - ok
14:41:21.0283 1052 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\system32\sens.dll
14:41:21.0286 1052 SENS - ok
14:41:21.0301 1052 [ f71bfe7ac6c52273b7c82cbf1bb2a222 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:41:21.0303 1052 Serenum - ok
14:41:21.0324 1052 [ e62fac91ee288db29a9696a9d279929c ] Serial C:\Windows\system32\drivers\serial.sys
14:41:21.0326 1052 Serial - ok
14:41:21.0338 1052 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:41:21.0340 1052 sermouse - ok
14:41:21.0399 1052 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:41:21.0402 1052 SessionEnv - ok
14:41:21.0416 1052 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:41:21.0417 1052 sffdisk - ok
14:41:21.0427 1052 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:41:21.0429 1052 sffp_mmc - ok
14:41:21.0450 1052 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:41:21.0452 1052 sffp_sd - ok
14:41:21.0462 1052 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:41:21.0464 1052 sfloppy - ok
14:41:21.0487 1052 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:41:21.0493 1052 SharedAccess - ok
14:41:21.0541 1052 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:41:21.0544 1052 ShellHWDetection - ok
14:41:21.0562 1052 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:41:21.0563 1052 SiSRaid2 - ok
14:41:21.0597 1052 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:41:21.0599 1052 SiSRaid4 - ok
14:41:21.0679 1052 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
14:41:21.0697 1052 slsvc - ok
14:41:21.0741 1052 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:41:21.0744 1052 SLUINotify - ok
14:41:21.0797 1052 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:41:21.0798 1052 Smb - ok
14:41:21.0811 1052 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:41:21.0813 1052 SNMPTRAP - ok
14:41:21.0868 1052 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
14:41:21.0869 1052 spldr - ok
14:41:21.0897 1052 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
14:41:21.0901 1052 Spooler - ok
14:41:21.0938 1052 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
14:41:21.0942 1052 srv - ok
14:41:22.0002 1052 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:41:22.0004 1052 srv2 - ok
14:41:22.0061 1052 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:41:22.0063 1052 srvnet - ok
14:41:22.0078 1052 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:41:22.0082 1052 SSDPSRV - ok
14:41:22.0129 1052 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:41:22.0133 1052 SstpSvc - ok
14:41:22.0183 1052 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
14:41:22.0189 1052 stisvc - ok
14:41:22.0198 1052 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:41:22.0199 1052 swenum - ok
14:41:22.0258 1052 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
14:41:22.0275 1052 swprv - ok
14:41:22.0288 1052 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:41:22.0290 1052 Symc8xx - ok
14:41:22.0307 1052 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:41:22.0309 1052 Sym_hi - ok
14:41:22.0325 1052 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:41:22.0327 1052 Sym_u3 - ok
14:41:22.0384 1052 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
14:41:22.0394 1052 SysMain - ok
14:41:22.0442 1052 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:41:22.0445 1052 TabletInputService - ok
14:41:22.0493 1052 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:41:22.0497 1052 TapiSrv - ok
14:41:22.0511 1052 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
14:41:22.0514 1052 TBS - ok
14:41:22.0598 1052 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:41:22.0610 1052 Tcpip - ok
14:41:22.0648 1052 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:41:22.0659 1052 Tcpip6 - ok
14:41:22.0702 1052 [ c7e72a4071ee0200e3c075dacfb2b334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:41:22.0704 1052 tcpipreg - ok
14:41:22.0716 1052 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:41:22.0718 1052 TDPIPE - ok
14:41:22.0737 1052 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:41:22.0739 1052 TDTCP - ok
14:41:22.0792 1052 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:41:22.0793 1052 tdx - ok
14:41:22.0806 1052 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:41:22.0807 1052 TermDD - ok
14:41:22.0867 1052 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
14:41:22.0874 1052 TermService - ok
14:41:22.0891 1052 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
14:41:22.0895 1052 Themes - ok
14:41:22.0918 1052 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
14:41:22.0920 1052 THREADORDER - ok
14:41:23.0040 1052 [ 3199a477f0f06eede41bd55179f8eb05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
14:41:23.0042 1052 TomTomHOMEService - ok
14:41:23.0059 1052 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
14:41:23.0062 1052 TrkWks - ok
14:41:23.0125 1052 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:41:23.0126 1052 TrustedInstaller - ok
14:41:23.0144 1052 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:41:23.0146 1052 tssecsrv - ok
14:41:23.0200 1052 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:41:23.0201 1052 tunmp - ok
14:41:23.0240 1052 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:41:23.0241 1052 tunnel - ok
14:41:23.0256 1052 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:41:23.0258 1052 uagp35 - ok
14:41:23.0299 1052 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:41:23.0305 1052 udfs - ok
14:41:23.0318 1052 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:41:23.0322 1052 UI0Detect - ok
14:41:23.0343 1052 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:41:23.0345 1052 uliagpkx - ok
14:41:23.0378 1052 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:41:23.0383 1052 uliahci - ok
14:41:23.0402 1052 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:41:23.0405 1052 UlSata - ok
14:41:23.0426 1052 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:41:23.0430 1052 ulsata2 - ok
14:41:23.0436 1052 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:41:23.0438 1052 umbus - ok
14:41:23.0458 1052 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
14:41:23.0463 1052 upnphost - ok
14:41:23.0526 1052 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:41:23.0528 1052 usbccgp - ok
14:41:23.0550 1052 [ 9247f7e0b65852c1f6631480984d6ed2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:41:23.0553 1052 usbcir - ok
14:41:23.0581 1052 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:41:23.0582 1052 usbehci - ok
14:41:23.0629 1052 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:41:23.0632 1052 usbhub - ok
14:41:23.0651 1052 [ eba14ef0c07cec233f1529c698d0d154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:41:23.0653 1052 usbohci - ok
14:41:23.0672 1052 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:41:23.0673 1052 usbprint - ok
14:41:23.0713 1052 [ ea0bf666868964fbe8cb10e50c97b9f1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:41:23.0715 1052 usbscan - ok
14:41:23.0770 1052 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:23.0773 1052 USBSTOR - ok
14:41:23.0816 1052 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:41:23.0818 1052 usbuhci - ok
14:41:23.0888 1052 [ 1e36bb1a3c5aaf2aa9fa9a126df8c16c ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
14:41:23.0890 1052 usb_rndisx - ok
14:41:23.0942 1052 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
14:41:23.0945 1052 UxSms - ok
14:41:23.0991 1052 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
14:41:24.0008 1052 vds - ok
14:41:24.0060 1052 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:41:24.0062 1052 vga - ok
14:41:24.0075 1052 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:41:24.0076 1052 VgaSave - ok
14:41:24.0088 1052 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
14:41:24.0089 1052 viaide - ok
14:41:24.0105 1052 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:41:24.0107 1052 volmgr - ok
14:41:24.0156 1052 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:41:24.0160 1052 volmgrx - ok
14:41:24.0207 1052 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:41:24.0210 1052 volsnap - ok
14:41:24.0229 1052 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:41:24.0233 1052 vsmraid - ok
14:41:24.0313 1052 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
14:41:24.0326 1052 VSS - ok
14:41:24.0368 1052 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
14:41:24.0374 1052 W32Time - ok
14:41:24.0392 1052 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:41:24.0394 1052 WacomPen - ok
14:41:24.0437 1052 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:41:24.0439 1052 Wanarp - ok
14:41:24.0443 1052 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:41:24.0445 1052 Wanarpv6 - ok
14:41:24.0514 1052 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:41:24.0530 1052 wcncsvc - ok
14:41:24.0561 1052 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:41:24.0564 1052 WcsPlugInService - ok
14:41:24.0578 1052 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
14:41:24.0580 1052 Wd - ok
14:41:24.0610 1052 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:41:24.0618 1052 Wdf01000 - ok
14:41:24.0628 1052 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:41:24.0631 1052 WdiServiceHost - ok
14:41:24.0636 1052 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:41:24.0638 1052 WdiSystemHost - ok
14:41:24.0689 1052 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
14:41:24.0693 1052 WebClient - ok
14:41:24.0721 1052 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:41:24.0727 1052 Wecsvc - ok
14:41:24.0735 1052 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:41:24.0739 1052 wercplsupport - ok
14:41:24.0751 1052 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
14:41:24.0754 1052 WerSvc - ok
14:41:24.0765 1052 WinDefend - ok
14:41:24.0771 1052 WinHttpAutoProxySvc - ok
14:41:24.0834 1052 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:41:24.0837 1052 Winmgmt - ok
14:41:24.0914 1052 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
14:41:24.0957 1052 WinRM - ok
14:41:25.0019 1052 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:41:25.0026 1052 Wlansvc - ok
14:41:25.0044 1052 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:41:25.0045 1052 WmiAcpi - ok
14:41:25.0090 1052 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:41:25.0094 1052 wmiApSrv - ok
14:41:25.0103 1052 WMPNetworkSvc - ok
14:41:25.0124 1052 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:41:25.0129 1052 WPCSvc - ok
14:41:25.0186 1052 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:41:25.0190 1052 WPDBusEnum - ok
14:41:25.0252 1052 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:41:25.0254 1052 WpdUsb - ok
14:41:25.0494 1052 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:41:25.0519 1052 WPFFontCache_v0400 - ok
14:41:25.0538 1052 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:41:25.0540 1052 ws2ifsl - ok
14:41:25.0592 1052 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\system32\wscsvc.dll
14:41:25.0594 1052 wscsvc - ok
14:41:25.0597 1052 WSearch - ok
14:41:25.0686 1052 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:41:25.0702 1052 wuauserv - ok
14:41:25.0734 1052 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:41:25.0736 1052 WUDFRd - ok
14:41:25.0755 1052 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:41:25.0758 1052 wudfsvc - ok
14:41:25.0764 1052 ================ Scan global ===============================
14:41:25.0788 1052 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
14:41:25.0836 1052 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
14:41:25.0853 1052 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
14:41:25.0912 1052 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
14:41:25.0916 1052 [Global] - ok
14:41:25.0917 1052 ================ Scan MBR ==================================
14:41:25.0927 1052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:41:26.0313 1052 \Device\Harddisk0\DR0 - ok
14:41:26.0313 1052 ================ Scan VBR ==================================
14:41:26.0349 1052 Boot (0x1200) (9e3a4fabbdc0156b086fe61758d77573) \Device\Harddisk0\DR0\Partition1
14:41:26.0351 1052 \Device\Harddisk0\DR0\Partition1 - ok
14:41:26.0353 1052 Boot (0x1200) (e63f85eb76a88ae1e2cdf6eb15d60509) \Device\Harddisk0\DR0\Partition2
14:41:26.0355 1052 \Device\Harddisk0\DR0\Partition2 - ok
14:41:26.0356 1052 ============================================================
14:41:26.0356 1052 Scan finished
14:41:26.0356 1052 ============================================================
14:41:26.0364 5016 Detected object count: 0
14:41:26.0364 5016 Actual detected object count: 0


Following is the log from aswMBR. While this scan took place, ESET detected this virus and put it in quarantine - "a variant of Win32/Sirefef.FD trojan".

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 14:44:19
-----------------------------
14:44:19.573 OS Version: Windows x64 6.0.6002 Service Pack 2
14:44:19.573 Number of processors: 4 586 0xF0B
14:44:19.574 ComputerName: STONEWALL-PC UserName: Elayna
14:44:21.839 Initialize success
14:45:28.923 AVAST engine defs: 12081503
14:46:15.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:46:15.102 Disk 0 Vendor: WDC_WD5000AAKS-75A7B0 01.03B01 Size: 476940MB BusType: 3
14:46:15.115 Disk 0 MBR read successfully
14:46:15.118 Disk 0 MBR scan
14:46:15.125 Disk 0 Windows VISTA default MBR code
14:46:15.128 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
14:46:15.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 98304
14:46:15.160 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461531 MB offset 31555584
14:46:15.185 Disk 0 scanning C:\Windows\system32\drivers
14:46:26.797 Service scanning
14:46:50.226 Modules scanning
14:46:50.234 Disk 0 trace - called modules:
14:46:50.261 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:46:50.267 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074b7300]
14:46:50.272 3 CLASSPNP.SYS[fffffa6000eacc33] -> nt!IofCallDriver -> [0xfffffa80073b23b0]
14:46:50.277 5 PCTCore64.sys[fffffa6000ae4720] -> nt!IofCallDriver -> [0xfffffa800612c800]
14:46:50.282 7 acpi.sys[fffffa6000940fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006131060]
14:46:52.995 AVAST engine scan C:\Windows
14:47:00.028 AVAST engine scan C:\Windows\system32
14:50:32.387 AVAST engine scan C:\Windows\system32\drivers
14:51:00.612 AVAST engine scan C:\Users\Elayna
14:54:53.804 File: C:\Users\Elayna\AppData\Local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\00000004.@ **INFECTED** Win32:Malware-gen
14:56:50.403 AVAST engine scan C:\ProgramData
14:59:31.710 Scan finished successfully
15:01:30.232 Disk 0 MBR has been saved successfully to "C:\Users\Elayna\Desktop\MBR.dat"
15:01:30.239 The log file has been saved successfully to "C:\Users\Elayna\Desktop\aswMBR.txt"


My PC appears to be running normally.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 15 August 2012 - 02:51 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 elayna_j

  • Topic Starter
  • Members
  • 10 posts

Posted 16 August 2012 - 03:00 PM

Here is the log from RogueKiller:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Elayna [Admin rights]
Mode: Remove -- Date: 08/16/2012 15:49:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Apple Computer (rundll32.exe "C:\Users\Elayna\AppData\Local\VirtualStore\Apple Computer\xmgczkkyz.dll",CreateInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] 097e782d3df98f39b7a073443f617f4a
[BSP] cb96dfa00f188250b5f4e01fecd4dba3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31555584 | Size: 461531 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



A few things happened while running RogueKiller. First, the official site for RK popped up two or three times. Then ESET posted another message about "a variant of Win32/Sirefef.FD trojan" being quarantined. Only this time, it listed the location of the virus as c:\users\elayna\desktop\RK_quarantine\80000032.@.vir. Then the My Documents folder suddenly opened. The computer is running fine at the moment.

EDIT: 2 hours after my post - Google searches are now being redirected. Grr!

Edited by elayna_j, 16 August 2012 - 04:23 PM.

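The RogueKiller report in the post above is the kind of log a responder has to read quickly. The following added example (my own code, not RogueKiller's and not from this thread) parses that report format and flags the ZeroAccess artifacts it lists: the {GUID}\U and {GUID}\L folders under AppData\Local with their "@" files, and the rundll32 ... ,CreateInstance Run entry. The regexes, the triage() summary and the SAMPLE_REPORT (constructed from the entries above) are assumptions of this example, not part of the tool.

```python
"""Triage a RogueKiller report for ZeroAccess (Sirefef) indicators.
Added example for responders; not RogueKiller's code and not from the thread.
SAMPLE_REPORT is constructed from the entries in the thread's RKreport[2].txt.
"""
import re
from dataclasses import dataclass, field

# Section header, e.g. "¤¤¤ Registry Entries: 5 ¤¤¤" or "¤¤¤ Infection : ZeroAccess ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*(?::\s*(?P<rest>.*?))?\s*¤¤¤\s*$")
# Detection line: "[TAG][TAG2] subject : target --> ACTION" (registry lines use "->")
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<subject>.*?)\s*:\s*(?P<target>.*?)\s*-+>\s*(?P<action>.+?)\s*$"
)
# ZeroAccess user-mode drop folder: %LocalAppData%\{GUID}\ with U\ and L\ beneath it
ZA_GUID_DIR_RE = re.compile(
    r"\\appdata\\local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}(?:\\|$)", re.I
)
# Payload names inside that tree: "@" or "<8 hex digits>.@"
ZA_AT_FILE_RE = re.compile(r"\\(?:[0-9a-f]{8}\.)?@$", re.I)
# The Run-key loader seen in this report: rundll32 on a DLL under VirtualStore, export CreateInstance
ZA_RUN_RE = re.compile(r'rundll32\.exe\s+"[^"]*\\virtualstore\\[^"]*\.dll",\s*createinstance', re.I)

@dataclass
class Entry:
    section: str
    tags: list
    subject: str
    target: str
    action: str
    reasons: list = field(default_factory=list)  # filled in by zeroaccess_indicators()

def parse_report(text):
    """Return (entries, sections): every detection line, plus the text after each header."""
    entries, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = (m.group("rest") or "").strip() or None
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
            entries.append(Entry(current, tags, m.group("subject"), m.group("target"), m.group("action")))
    return entries, sections

def zeroaccess_indicators(entries):
    """Tag entries matching a ZeroAccess pattern with the reasons; return only the hits."""
    hits = []
    for e in entries:
        reasons = []
        if ZA_GUID_DIR_RE.search(e.target):
            reasons.append("guid-dir")
        if ZA_AT_FILE_RE.search(e.target):
            reasons.append("at-file")
        if ZA_RUN_RE.search(e.target):
            reasons.append("rundll32-run")
        if "ZeroAccess" in e.tags:
            reasons.append("tool-tag")  # RogueKiller's own verdict, kept apart from our checks
        if reasons:
            e.reasons = reasons
            hits.append(e)
    return hits

def triage(text):
    """Summary a responder can act on: what was found, where it persists, what is still present."""
    entries, sections = parse_report(text)
    hits = zeroaccess_indicators(entries)
    return {
        "infection": sections.get("Infection"),
        "entries": len(entries),
        "zeroaccess_hits": len(hits),
        "persistence": [e.target for e in hits if "rundll32-run" in e.reasons],
        "not_removed": [e.target for e in hits if not e.action.startswith(("REMOVED", "DELETED"))],
    }

# Constructed sample, modelled line for line on the report posted in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Apple Computer (rundll32.exe "C:\Users\Elayna\AppData\Local\VirtualStore\Apple Computer\xmgczkkyz.dll",CreateInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\elayna\appdata\local\{6eb0a513-f5b7-ead8-011e-e021d14b6718}\L --> REMOVED
¤¤¤ Infection : ZeroAccess ¤¤¤
"""
```

Running `triage(SAMPLE_REPORT)` on this sample reports the infection name, 8 ZeroAccess hits, the single rundll32 persistence entry, and an empty not_removed list; an entry whose action is not REMOVED/DELETED is what tells you the cleanup did not finish.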

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 August 2012 - 01:20 AM

Hello

I would like you to download an updated version of ComboFix.

Update ComboFix

Delete the version of ComboFix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 elayna_j

  • Topic Starter
  • Members
  • 10 posts

Posted 17 August 2012 - 03:14 PM

Hello Gringo,
I deleted the old ComboFix and installed the updated one. The scan ran without incident, except for the "C:\Windows\system32\GfxUI.exe 'a device attached to the system is not functioning'" error message appearing. I have run a few Google searches, clicked around, and had no redirects. No other problems have presented themselves in the past hour or so since running ComboFix. Here is the log:

ComboFix 12-08-17.03 - Elayna 08/17/2012 14:56:14.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6108.3533 [GMT -4:00]
Running from: c:\users\Elayna\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 19:04 . 2012-08-17 19:04 -------- d-----w- c:\users\Stonewall Jackson\AppData\Local\temp
2012-08-17 19:04 . 2012-08-17 19:04 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2012-08-17 19:04 . 2012-08-17 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 07:04 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:08 . 2012-08-17 19:09 -------- d-----w- c:\users\Elayna\AppData\Local\temp
2012-08-06 16:20 . 2012-08-06 16:20 -------- d-----w- c:\program files\iPod
2012-08-06 16:20 . 2012-08-06 16:21 -------- d-----w- c:\program files\iTunes
2012-08-06 16:20 . 2012-08-06 16:21 -------- d-----w- c:\program files (x86)\iTunes
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-06 16:13 . 2012-08-06 16:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-06 16:13 . 2012-08-06 16:13 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:42 . 2012-04-21 00:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 10:42 . 2011-12-11 20:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:01 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-06-25 18:58 . 2012-06-28 22:07 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 18:58 . 2012-06-28 22:07 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-24 17:05 . 2012-06-24 17:05 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-06-24 17:05 . 2012-06-24 17:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-06-24 17:05 . 2012-06-24 17:05 106000 ----a-w- c:\windows\system32\packet.dll
2012-06-08 17:59 . 2012-07-11 09:48 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 09:49 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 09:49 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 09:49 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 09:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 09:49 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 12:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:47 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 12:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 12:47 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 12:47 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 12:47 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 12:47 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 09:49 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 09:49 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 09:49 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 09:49 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 09:49 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2009-02-17 14:59 . 2011-10-18 19:23 282624 ----a-w- c:\program files\MediaImpression.exe
2008-12-31 13:27 . 2011-10-18 19:23 790528 ----a-w- c:\program files\RctBrowser.dll
2008-12-29 22:11 . 2011-10-18 19:23 360448 ----a-w- c:\program files\PhotoViewer.exe
2008-12-29 17:48 . 2011-10-18 19:23 184320 ----a-w- c:\program files\MIDownload.exe
2008-12-11 14:34 . 2011-10-18 19:23 154112 ----a-w- c:\program files\CheckUpdate.exe
2008-12-08 17:21 . 2011-10-18 19:24 227944 ----a-w- c:\program files\CheckUpdate.dll
2008-11-24 22:35 . 2011-10-18 19:23 135168 ----a-w- c:\program files\OPRUpgrade.exe
2008-11-24 22:28 . 2011-10-18 19:23 28672 ----a-w- c:\program files\ShadowWndDll.dll
2008-11-24 22:27 . 2011-10-18 19:23 40960 ----a-w- c:\program files\USBStorageManager.dll
2008-11-24 22:27 . 2011-10-18 19:23 86016 ----a-w- c:\program files\MIMenu.dll
2008-11-24 22:23 . 2011-10-18 19:23 57344 ----a-w- c:\program files\uMyExtrasCtrl.dll
2008-11-24 22:18 . 2011-10-18 19:23 159744 ----a-w- c:\program files\uPI6CommonDll.dll
2008-11-04 21:17 . 2011-10-18 19:23 319488 ----a-w- c:\program files\OPHistory.exe
2008-09-27 20:14 . 2011-10-18 19:23 487424 ----a-w- c:\program files\OPRCommon.dll
2008-09-24 13:51 . 2011-10-18 19:23 36864 ----a-w- c:\program files\HttpAgent.dll
2008-09-05 20:01 . 2011-10-18 19:23 86016 ----a-w- c:\program files\MagUIInter.dll
2008-09-04 14:11 . 2011-10-18 19:23 104960 ----a-w- c:\program files\MagUIImage.dll
2008-09-04 14:11 . 2011-10-18 19:23 268800 ----a-w- c:\program files\MagUIEngine.dll
2008-09-04 14:11 . 2011-10-18 19:23 59904 ----a-w- c:\program files\MagPCMac.dll
2008-09-04 14:11 . 2011-10-18 19:23 55808 ----a-w- c:\program files\MagicFrame.dll
2008-09-04 14:11 . 2011-10-18 19:23 35328 ----a-w- c:\program files\MagCore.dll
2008-09-03 21:20 . 2011-10-18 19:23 59904 ----a-w- c:\program files\TETransUtility.dll
2008-09-03 21:20 . 2011-10-18 19:23 113152 ----a-w- c:\program files\TETextEngine.dll
2008-09-03 21:20 . 2011-10-18 19:23 178688 ----a-w- c:\program files\TECharEngine.dll
2008-08-01 18:31 . 2011-10-18 19:23 223744 ----a-w- c:\program files\MIArcCon.dll
2008-06-26 18:50 . 2011-10-18 19:23 756224 ----a-w- c:\program files\ToolsCtrl.dll
2008-06-26 18:49 . 2011-10-18 19:23 125440 ----a-w- c:\program files\magPltfm.dll
2008-06-26 18:48 . 2011-10-18 19:23 866816 ----a-w- c:\program files\RawEngine.dll
2008-06-26 18:48 . 2011-10-18 19:23 727552 ----a-w- c:\program files\X3FSDK.dll
2008-06-26 18:48 . 2011-10-18 19:23 158208 ----a-w- c:\program files\magFileIO.dll
2008-06-26 18:48 . 2011-10-18 19:23 436736 ----a-w- c:\program files\magFpxio.dll
2008-06-26 18:47 . 2011-10-18 19:23 350720 ----a-w- c:\program files\magTools.dll
2008-06-26 18:46 . 2011-10-18 19:23 84480 ----a-w- c:\program files\ImgCtrl.dll
2008-06-26 18:46 . 2011-10-18 19:23 350720 ----a-w- c:\program files\magengin.dll
2008-04-18 21:28 . 2011-10-18 19:23 299008 ----a-w- c:\program files\RctXMLBase.dll
2008-04-16 20:39 . 2011-10-18 19:23 78136 ----a-w- c:\program files\MagAppFramework.dll
2008-03-25 19:43 . 2011-10-18 19:23 135168 ----a-w- c:\program files\uArcPrintManager.dll
2007-05-24 14:08 . 2011-10-18 19:23 97024 ----a-w- c:\program files\MediaImpressionUpdate.exe
2007-05-24 14:04 . 2011-10-18 19:23 60160 ----a-w- c:\program files\MsgDll.dll
2007-05-24 14:03 . 2011-10-18 19:23 31488 ----a-w- c:\program files\MediaImpressionRes.dll
2007-01-09 18:58 . 2011-10-18 19:23 167936 ----a-w- c:\program files\dtype32.dll
2007-01-09 18:58 . 2011-10-18 19:23 155648 ----a-w- c:\program files\dtype32x.dll
2006-11-09 15:07 . 2011-10-18 19:23 150272 ----a-w- c:\program files\AglSwf.dll
2006-11-08 21:12 . 2011-10-18 19:23 64256 ----a-w- c:\program files\kglu.dll
2006-11-08 21:12 . 2011-10-18 19:23 256768 ----a-w- c:\program files\kgl.dll
2006-11-08 18:54 . 2011-10-18 19:23 895744 ----a-w- c:\program files\uEzDll.dll
2006-10-14 20:13 . 2011-10-18 19:23 981760 ----a-w- c:\program files\mfc42u.dll
2006-09-22 14:17 . 2011-10-18 19:23 221184 ----a-w- c:\program files\Res_Dll.dll
2006-01-24 14:20 . 2011-10-18 19:23 1645320 ----a-w- c:\program files\gdiplus.dll
2005-06-21 14:29 . 2011-10-18 19:23 245408 ----a-w- c:\program files\unicows.dll
2005-05-27 19:09 . 2011-10-18 19:23 1024082 ----a-w- c:\program files\MFC42LU.DLL
2005-05-27 18:58 . 2011-10-18 19:23 393216 ----a-w- c:\program files\MSLUP60.dll
2005-05-27 18:58 . 2011-10-18 19:23 249856 ----a-w- c:\program files\MSLURT.dll
2005-04-14 04:05 . 2011-10-18 19:23 81920 ----a-w- c:\program files\PICSDK3.dll
2004-08-17 16:00 . 2011-10-18 19:23 413696 ----a-w- c:\program files\msvcp60.dll
2004-03-03 04:10 . 2011-10-18 19:23 483328 ----a-w- c:\program files\PICSDK.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_19.13.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-12 18:49 . 2012-05-15 06:33 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-14 20:19 . 2012-06-28 11:32 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-14 20:19 . 2012-06-28 08:18 13312 c:\windows\SysWOW64\msfeedssync.exe
- 2012-06-12 18:48 . 2012-05-15 03:24 13312 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-08-14 20:19 . 2012-06-28 11:32 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2012-06-12 18:48 . 2012-05-15 06:33 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2012-06-12 18:49 . 2012-05-15 06:37 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-14 20:19 . 2012-06-28 11:37 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-14 20:19 . 2012-06-28 11:32 43520 c:\windows\SysWOW64\licmgr10.dll
- 2012-06-12 18:48 . 2012-05-15 06:32 43520 c:\windows\SysWOW64\licmgr10.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 25600 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-12 18:49 . 2012-05-15 06:32 25600 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-12 18:48 . 2012-05-15 06:31 71680 c:\windows\SysWOW64\iesetup.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 71680 c:\windows\SysWOW64\iesetup.dll
- 2012-06-12 18:48 . 2012-05-15 06:31 55808 c:\windows\SysWOW64\iernonce.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 55808 c:\windows\SysWOW64\iernonce.dll
- 2008-01-21 03:20 . 2012-08-14 19:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-17 19:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-17 19:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-14 19:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 15:45 . 2012-08-17 19:10 81102 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-20 14:59 . 2012-08-17 19:10 11518 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2589664663-3146710051-920947708-1002_UserData.bin
- 2012-06-12 18:49 . 2012-05-15 02:15 98304 c:\windows\system32\mshtmled.dll
+ 2012-08-14 20:19 . 2012-06-28 06:49 98304 c:\windows\system32\mshtmled.dll
- 2012-06-12 18:48 . 2012-05-15 00:39 12288 c:\windows\system32\msfeedssync.exe
+ 2012-08-14 20:19 . 2012-06-28 05:10 12288 c:\windows\system32\msfeedssync.exe
+ 2012-08-14 20:19 . 2012-06-28 06:49 71680 c:\windows\system32\msfeedsbs.dll
- 2012-06-12 18:48 . 2012-05-15 02:15 71680 c:\windows\system32\msfeedsbs.dll
- 2012-06-12 18:48 . 2012-05-15 02:19 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-14 20:19 . 2012-06-28 06:53 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-14 20:19 . 2012-06-28 06:48 56832 c:\windows\system32\licmgr10.dll
- 2012-06-12 18:48 . 2012-05-15 02:15 56832 c:\windows\system32\licmgr10.dll
- 2012-06-12 18:48 . 2012-05-15 02:15 31744 c:\windows\system32\jsproxy.dll
+ 2012-08-14 20:19 . 2012-06-28 06:48 31744 c:\windows\system32\jsproxy.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 77312 c:\windows\system32\iesetup.dll
- 2012-06-12 18:48 . 2012-05-15 02:14 77312 c:\windows\system32\iesetup.dll
- 2012-06-12 18:48 . 2012-05-15 02:14 72192 c:\windows\system32\iernonce.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 72192 c:\windows\system32\iernonce.dll
- 2012-06-12 18:48 . 2012-05-15 00:40 70656 c:\windows\system32\ie4uinit.exe
+ 2012-08-14 20:19 . 2012-06-28 05:11 70656 c:\windows\system32\ie4uinit.exe
+ 2008-12-10 02:34 . 2012-08-15 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-10 02:34 . 2012-08-07 10:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-10 02:34 . 2012-08-15 18:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-10 02:34 . 2012-08-07 10:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 02:34 . 2012-08-15 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-10 02:34 . 2012-08-07 10:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-10 17:46 . 2012-08-14 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 17:46 . 2012-07-30 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 17:46 . 2012-08-14 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-10 17:46 . 2012-07-30 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-11 07:04 . 2012-05-11 07:04 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-15 07:06 . 2012-08-15 07:06 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-15 07:06 . 2012-08-15 07:06 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-11 07:14 . 2012-05-11 07:14 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-08-14 19:11 . 2012-08-14 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 19:06 . 2012-08-17 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 19:06 . 2012-08-17 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 19:11 . 2012-08-14 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 18:49 . 2012-05-15 06:37 916992 c:\windows\SysWOW64\wininet.dll
+ 2012-08-14 20:19 . 2012-06-28 11:37 916992 c:\windows\SysWOW64\wininet.dll
- 2011-04-12 21:43 . 2011-02-17 06:23 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-08-14 20:19 . 2012-06-16 11:19 420864 c:\windows\SysWOW64\vbscript.dll
- 2012-06-12 18:49 . 2012-05-15 06:37 105984 c:\windows\SysWOW64\url.dll
+ 2012-08-14 20:19 . 2012-06-28 11:37 105984 c:\windows\SysWOW64\url.dll
- 2012-06-12 18:48 . 2012-05-15 06:35 206848 c:\windows\SysWOW64\occache.dll
+ 2012-08-14 20:19 . 2012-06-28 11:35 206848 c:\windows\SysWOW64\occache.dll
+ 2012-08-14 20:19 . 2012-06-29 16:01 467968 c:\windows\SysWOW64\netapi32.dll
+ 2012-08-14 20:19 . 2012-06-28 11:33 611840 c:\windows\SysWOW64\mstime.dll
- 2012-06-12 18:48 . 2012-05-15 06:33 611840 c:\windows\SysWOW64\mstime.dll
+ 2012-08-14 20:19 . 2012-06-28 11:32 629760 c:\windows\SysWOW64\msfeeds.dll
- 2012-06-12 18:49 . 2012-05-15 06:33 629760 c:\windows\SysWOW64\msfeeds.dll
+ 2012-08-15 10:42 . 2012-08-15 10:42 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 10:42 . 2012-08-15 10:42 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-21 00:26 . 2012-08-15 10:42 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-21 00:26 . 2012-08-02 19:42 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-14 20:19 . 2012-05-11 15:57 623616 c:\windows\SysWOW64\localspl.dll
- 2009-06-09 19:30 . 2009-04-23 12:14 623616 c:\windows\SysWOW64\localspl.dll
+ 2012-08-14 20:19 . 2012-06-16 11:14 727040 c:\windows\SysWOW64\jscript.dll
+ 2012-08-14 20:19 . 2012-06-28 08:19 133632 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-12 18:48 . 2012-05-15 03:26 133632 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-12 18:48 . 2012-05-15 06:31 164352 c:\windows\SysWOW64\ieui.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 164352 c:\windows\SysWOW64\ieui.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 109056 c:\windows\SysWOW64\iesysprep.dll
- 2012-06-12 18:48 . 2012-05-15 06:31 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 184320 c:\windows\SysWOW64\iepeers.dll
- 2012-06-12 18:48 . 2012-05-15 06:31 184320 c:\windows\SysWOW64\iepeers.dll
- 2012-06-12 18:48 . 2012-05-15 06:31 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 387584 c:\windows\SysWOW64\iedkcs32.dll
- 2012-06-12 18:48 . 2012-05-15 03:25 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-08-14 20:19 . 2012-06-28 08:19 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2008-01-21 03:20 . 2012-08-17 19:07 442368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 20:44 . 2012-08-17 18:44 330456 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-02-07 20:44 . 2012-08-14 18:26 330456 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-14 20:19 . 2012-06-16 07:02 610816 c:\windows\system32\vbscript.dll
- 2012-06-12 18:48 . 2012-05-15 02:19 108032 c:\windows\system32\url.dll
+ 2012-08-14 20:19 . 2012-06-28 06:53 108032 c:\windows\system32\url.dll
- 2006-11-02 12:46 . 2012-06-19 21:04 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-15 00:24 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-06-19 21:04 104202 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-15 00:24 104202 c:\windows\system32\perfc009.dat
+ 2012-08-14 20:19 . 2012-06-28 06:51 243712 c:\windows\system32\occache.dll
- 2012-06-12 18:48 . 2012-05-15 02:18 243712 c:\windows\system32\occache.dll
- 2009-09-24 19:06 . 2009-04-11 07:11 648192 c:\windows\system32\netapi32.dll
+ 2012-08-14 20:19 . 2012-06-29 16:20 648192 c:\windows\system32\netapi32.dll
- 2012-06-12 18:49 . 2012-05-15 02:15 742912 c:\windows\system32\msfeeds.dll
+ 2012-08-14 20:19 . 2012-06-28 06:49 742912 c:\windows\system32\msfeeds.dll
+ 2012-08-15 10:42 . 2012-08-15 10:42 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-15 10:42 . 2012-08-15 10:42 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2012-08-14 20:19 . 2012-05-11 16:34 788480 c:\windows\system32\localspl.dll
+ 2012-08-14 20:19 . 2012-06-16 06:58 818176 c:\windows\system32\jscript.dll
- 2012-06-12 18:48 . 2012-05-15 00:40 162816 c:\windows\system32\ieUnatt.exe
+ 2012-08-14 20:19 . 2012-06-28 05:11 162816 c:\windows\system32\ieUnatt.exe
- 2012-06-12 18:48 . 2012-05-15 02:14 219136 c:\windows\system32\ieui.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 219136 c:\windows\system32\ieui.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 132096 c:\windows\system32\iesysprep.dll
- 2012-06-12 18:48 . 2012-05-15 02:14 132096 c:\windows\system32\iesysprep.dll
- 2012-06-12 18:48 . 2012-05-15 02:14 252416 c:\windows\system32\iepeers.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 252416 c:\windows\system32\iepeers.dll
- 2012-06-12 18:48 . 2012-05-15 02:14 459776 c:\windows\system32\iedkcs32.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 459776 c:\windows\system32\iedkcs32.dll
- 2006-11-02 15:21 . 2012-07-15 07:23 359784 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 15:21 . 2012-08-15 07:24 359784 c:\windows\system32\FNTCACHE.DAT
+ 2011-02-23 02:56 . 2012-08-17 19:05 331688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-23 02:56 . 2012-08-14 19:10 331688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\28c2875.msp
+ 2008-12-14 19:43 . 2012-08-15 07:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-14 19:43 . 2012-08-15 07:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-06-23 14:54 . 2011-06-23 14:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-14 20:19 . 2012-06-28 11:37 1212416 c:\windows\SysWOW64\urlmon.dll
- 2012-06-12 18:49 . 2012-05-15 06:37 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-14 20:19 . 2012-06-28 11:32 6008320 c:\windows\SysWOW64\mshtml.dll
+ 2012-08-14 20:19 . 2012-06-28 11:31 2000384 c:\windows\SysWOW64\iertutil.dll
- 2012-06-12 18:49 . 2012-05-15 06:31 2000384 c:\windows\SysWOW64\iertutil.dll
- 2012-06-12 18:49 . 2012-05-15 02:19 1147392 c:\windows\system32\wininet.dll
+ 2012-08-14 20:19 . 2012-06-28 06:53 1147392 c:\windows\system32\wininet.dll
- 2012-06-12 18:49 . 2012-05-15 02:19 1488384 c:\windows\system32\urlmon.dll
+ 2012-08-14 20:19 . 2012-06-28 06:53 1488384 c:\windows\system32\urlmon.dll
- 2012-06-12 18:48 . 2012-05-15 02:16 1062912 c:\windows\system32\mstime.dll
+ 2012-08-14 20:19 . 2012-06-28 06:49 1062912 c:\windows\system32\mstime.dll
- 2012-06-12 18:49 . 2012-05-15 02:15 9328640 c:\windows\system32\mshtml.dll
+ 2012-08-14 20:19 . 2012-06-28 06:49 9328640 c:\windows\system32\mshtml.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 2350592 c:\windows\system32\iertutil.dll
- 2012-06-12 18:49 . 2012-05-15 02:14 2350592 c:\windows\system32\iertutil.dll
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\28c2890.msp
+ 2008-12-14 19:43 . 2012-08-15 07:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-14 19:43 . 2012-07-15 07:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-08-14 20:19 . 2012-06-28 11:31 11111424 c:\windows\SysWOW64\ieframe.dll
- 2012-06-12 18:49 . 2012-05-15 06:31 11111424 c:\windows\SysWOW64\ieframe.dll
+ 2006-11-02 12:33 . 2012-08-15 07:22 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 12:33 . 2012-07-15 07:22 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2012-06-12 18:49 . 2012-05-15 02:14 12508672 c:\windows\system32\ieframe.dll
+ 2012-08-14 20:19 . 2012-06-28 06:47 12508672 c:\windows\system32\ieframe.dll
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\28c2887.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\28c284c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 39408]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-01-08 963072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Stonewall Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Elayna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2008-12-16 221247]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*Deregistered* - PCTSDInjDriver64
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:42]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 21:30]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 21:30]
.
2012-08-17 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-12-05 11:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"Skytel"="Skytel.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF10483.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2012-08-17 15:17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 19:17
ComboFix2.txt 2012-08-14 19:21
.
Pre-Run: 337,460,310,016 bytes free
Post-Run: 337,431,445,504 bytes free
.
- - End Of File - - 396489FBBF55D24C197213B39AEA498C

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 PM

Posted 17 August 2012 - 05:58 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 elayna_j

elayna_j
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:24 PM

Posted 18 August 2012 - 10:01 AM

Hello Gringo,
The computer has been running normally this morning. However, when I got to the PC this morn, I could see that PC Doctor did run a scheduled scan overnight, and quarantined 5 different trojan viruses.

OTL logfile created on: 8/18/2012 7:58:12 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Elayna\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 70.71% Memory free
12.12 Gb Paging File | 10.07 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 313.86 Gb Free Space | 69.64% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.30 Gb Free Space | 55.32% Space Free | Partition Type: NTFS

Computer Name: STONEWALL-PC | User Name: Elayna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Elayna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\NPF.sys (CACE Technologies, Inc.)
DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools)
DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\Drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\Drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\DRIVERS\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\DRIVERS\EpfwLWF.sys (ESET)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes,DefaultScope = {547EEAAC-3665-4e6c-B326-C622D698543A}
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{40554701-FA3D-437A-9A50-161F50EFDD89}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1550
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{DFF8CD8E-E1DD-44CE-B20A-6DAD8778C936}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TXUS&apn_uid=E3BAE78C-FE8C-44DD-8561-31E8A0443BBE&apn_sauid=6869C604-657E-4CDD-93F2-8D430CBA711E&
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/01/31 19:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/10/18 15:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011/10/18 15:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/08 19:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/31 19:10:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/17 15:09:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3:64bit: - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Default\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Elayna\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Nathan\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Stonewall Jackson\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F5F0546-441F-4C20-AA49-1A578EB8E056}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Elayna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Elayna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 07:56:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Elayna\Desktop\OTL.exe
[2012/08/17 15:17:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 15:09:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/17 14:51:49 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Elayna\Desktop\ComboFix.exe
[2012/08/16 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\Elayna\Desktop\RK_Quarantine
[2012/08/15 14:44:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Elayna\Desktop\aswMBR.exe
[2012/08/15 14:39:08 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Elayna\Desktop\tdsskiller.exe
[2012/08/14 16:19:47 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 16:19:46 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/14 16:19:46 | 000,610,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/14 16:19:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/14 16:19:37 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/14 16:19:37 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/14 16:19:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/14 16:19:36 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/14 16:19:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/14 16:19:36 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/14 16:19:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/14 16:19:36 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/14 16:19:36 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/14 16:19:36 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/14 16:19:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/14 16:19:36 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/14 16:19:36 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/14 16:19:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/14 16:19:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/14 16:19:35 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/14 16:19:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/14 16:19:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/14 16:19:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/14 16:19:32 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/14 16:19:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/14 16:19:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/14 16:19:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/14 16:19:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/14 16:19:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/14 16:19:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/14 16:19:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/14 16:19:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/14 16:19:28 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 16:19:27 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/14 16:19:24 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/14 15:08:00 | 000,000,000 | ---D | C] -- C:\Users\Elayna\AppData\Local\temp
[2012/08/14 14:54:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 14:54:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 14:54:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 14:53:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 14:53:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\Elayna\Documents\How to make your own pore strips_files
[2012/08/08 07:34:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elayna\Desktop\dds.com
[2012/08/06 12:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/06 12:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/06 12:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/06 12:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/08/06 12:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/06 12:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/18 15:24:19 | 000,227,944 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\CheckUpdate.dll
[2011/10/18 15:23:49 | 000,895,744 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\uEzDll.dll
[2011/10/18 15:23:49 | 000,756,224 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\ToolsCtrl.dll
[2011/10/18 15:23:49 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[2011/10/18 15:23:49 | 000,178,688 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\TECharEngine.dll
[2011/10/18 15:23:49 | 000,159,744 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\uPI6CommonDll.dll
[2011/10/18 15:23:49 | 000,135,168 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\uArcPrintManager.dll
[2011/10/18 15:23:49 | 000,113,152 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\TETextEngine.dll
[2011/10/18 15:23:49 | 000,059,904 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\TETransUtility.dll
[2011/10/18 15:23:49 | 000,057,344 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\uMyExtrasCtrl.dll
[2011/10/18 15:23:49 | 000,040,960 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\USBStorageManager.dll
[2011/10/18 15:23:49 | 000,028,672 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\ShadowWndDll.dll
[2011/10/18 15:23:48 | 000,866,816 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\RawEngine.dll
[2011/10/18 15:23:48 | 000,790,528 | ---- | C] (ArcSoft) -- C:\Program Files\RctBrowser.dll
[2011/10/18 15:23:48 | 000,487,424 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\OPRCommon.dll
[2011/10/18 15:23:48 | 000,483,328 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Program Files\PICSDK.dll
[2011/10/18 15:23:48 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll
[2011/10/18 15:23:48 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Program Files\MSLUP60.dll
[2011/10/18 15:23:48 | 000,360,448 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\PhotoViewer.exe
[2011/10/18 15:23:48 | 000,319,488 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\OPHistory.exe
[2011/10/18 15:23:48 | 000,299,008 | ---- | C] (ArcSoft) -- C:\Program Files\RctXMLBase.dll
[2011/10/18 15:23:48 | 000,249,856 | ---- | C] (Sample Corporation) -- C:\Program Files\MSLURT.dll
[2011/10/18 15:23:48 | 000,221,184 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\Res_Dll.dll
[2011/10/18 15:23:48 | 000,184,320 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MIDownload.exe
[2011/10/18 15:23:48 | 000,135,168 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\OPRUpgrade.exe
[2011/10/18 15:23:48 | 000,086,016 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\MIMenu.dll
[2011/10/18 15:23:48 | 000,081,920 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Program Files\PICSDK3.dll
[2011/10/18 15:23:48 | 000,060,160 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\MsgDll.dll
[2011/10/18 15:23:47 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2011/10/18 15:23:47 | 001,024,082 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42LU.DLL
[2011/10/18 15:23:47 | 000,981,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42u.dll
[2011/10/18 15:23:47 | 000,436,736 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\magFpxio.dll
[2011/10/18 15:23:47 | 000,350,720 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\magTools.dll
[2011/10/18 15:23:47 | 000,350,720 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\magengin.dll
[2011/10/18 15:23:47 | 000,282,624 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\MediaImpression.exe
[2011/10/18 15:23:47 | 000,268,800 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagUIEngine.dll
[2011/10/18 15:23:47 | 000,256,768 | ---- | C] (arcsoft) -- C:\Program Files\kgl.dll
[2011/10/18 15:23:47 | 000,223,744 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MIArcCon.dll
[2011/10/18 15:23:47 | 000,158,208 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\magFileIO.dll
[2011/10/18 15:23:47 | 000,125,440 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\magPltfm.dll
[2011/10/18 15:23:47 | 000,104,960 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagUIImage.dll
[2011/10/18 15:23:47 | 000,097,024 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\MediaImpressionUpdate.exe
[2011/10/18 15:23:47 | 000,086,016 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagUIInter.dll
[2011/10/18 15:23:47 | 000,084,480 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\ImgCtrl.dll
[2011/10/18 15:23:47 | 000,078,136 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagAppFramework.dll
[2011/10/18 15:23:47 | 000,064,256 | ---- | C] (arcsoft) -- C:\Program Files\kglu.dll
[2011/10/18 15:23:47 | 000,059,904 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagPCMac.dll
[2011/10/18 15:23:47 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagicFrame.dll
[2011/10/18 15:23:47 | 000,036,864 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\HttpAgent.dll
[2011/10/18 15:23:47 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\MagCore.dll
[2011/10/18 15:23:47 | 000,031,488 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\MediaImpressionRes.dll
[2011/10/18 15:23:46 | 000,167,936 | ---- | C] (D-Type Solutions) -- C:\Program Files\dtype32.dll
[2011/10/18 15:23:46 | 000,155,648 | ---- | C] (D-Type Solutions) -- C:\Program Files\dtype32x.dll
[2011/10/18 15:23:46 | 000,154,112 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\CheckUpdate.exe
[2011/10/18 15:23:46 | 000,150,272 | ---- | C] (ArcSoft Inc.) -- C:\Program Files\AglSwf.dll

========== Files - Modified Within 30 Days ==========

[2012/08/18 07:56:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Elayna\Desktop\OTL.exe
[2012/08/18 07:52:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 07:52:29 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/08/18 07:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 07:19:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 07:19:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 07:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 07:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 15:09:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/17 14:52:00 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Elayna\Desktop\ComboFix.exe
[2012/08/16 15:41:48 | 001,558,528 | ---- | M] () -- C:\Users\Elayna\Desktop\RogueKiller.exe
[2012/08/15 15:01:30 | 000,000,512 | ---- | M] () -- C:\Users\Elayna\Desktop\MBR.dat
[2012/08/15 14:44:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Elayna\Desktop\aswMBR.exe
[2012/08/15 14:39:21 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Elayna\Desktop\tdsskiller.exe
[2012/08/15 06:42:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:42:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 05:39:51 | 000,000,680 | ---- | M] () -- C:\Users\Elayna\AppData\Local\d3d9caps.dat
[2012/08/15 03:24:18 | 000,359,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 21:19:42 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/14 20:24:16 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 20:24:16 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 20:24:15 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 14:44:00 | 000,881,494 | ---- | M] () -- C:\Users\Elayna\Desktop\SecurityCheck.exe
[2012/08/13 17:18:30 | 000,116,341 | ---- | M] () -- C:\Users\Elayna\Documents\How to make your own pore strips.htm
[2012/08/08 07:34:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Elayna\Desktop\dds.com
[2012/08/08 07:33:08 | 000,000,000 | ---- | M] () -- C:\Users\Elayna\defogger_reenable
[2012/08/06 12:22:57 | 000,001,866 | ---- | M] () -- C:\Users\Elayna\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/08/06 12:11:34 | 000,001,245 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

========== Files Created - No Company Name ==========

[2012/08/16 15:41:45 | 001,558,528 | ---- | C] () -- C:\Users\Elayna\Desktop\RogueKiller.exe
[2012/08/15 15:01:30 | 000,000,512 | ---- | C] () -- C:\Users\Elayna\Desktop\MBR.dat
[2012/08/14 14:54:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 14:54:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 14:54:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 14:54:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 14:54:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 14:43:58 | 000,881,494 | ---- | C] () -- C:\Users\Elayna\Desktop\SecurityCheck.exe
[2012/08/13 17:18:25 | 000,116,341 | ---- | C] () -- C:\Users\Elayna\Documents\How to make your own pore strips.htm
[2012/08/08 07:33:08 | 000,000,000 | ---- | C] () -- C:\Users\Elayna\defogger_reenable
[2012/06/08 19:42:00 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/01/09 22:44:45 | 000,163,169 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/01/09 22:44:45 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2011/10/18 15:24:23 | 000,000,540 | ---- | C] () -- C:\Program Files\active.dat
[2011/10/18 15:24:23 | 000,000,140 | ---- | C] () -- C:\Program Files\guid.dat
[2011/10/18 15:24:23 | 000,000,061 | ---- | C] () -- C:\Program Files\UpdaterforApp.ini
[2011/10/18 15:23:49 | 000,727,552 | ---- | C] () -- C:\Program Files\X3FSDK.dll
[2011/10/18 15:23:49 | 000,019,026 | ---- | C] () -- C:\Program Files\Thumb.xml
[2011/10/18 15:23:49 | 000,001,366 | ---- | C] () -- C:\Program Files\RocketApp.xml
[2011/10/18 15:23:48 | 000,000,528 | ---- | C] () -- C:\Program Files\OPHistory.set
[2011/10/18 15:23:48 | 000,000,327 | ---- | C] () -- C:\Program Files\PhotoViewer.xml
[2011/10/18 15:23:48 | 000,000,283 | ---- | C] () -- C:\Program Files\opautofill.conf
[2011/10/18 15:23:48 | 000,000,209 | ---- | C] () -- C:\Program Files\ps6extsupport.xml
[2011/10/18 15:23:48 | 000,000,097 | ---- | C] () -- C:\Program Files\PICSDK.ini
[2011/10/18 15:23:47 | 000,000,584 | ---- | C] () -- C:\Program Files\MediaImpression.set
[2011/10/18 15:23:47 | 000,000,460 | ---- | C] () -- C:\Program Files\MediaImpression.xml
[2011/10/18 15:23:47 | 000,000,383 | ---- | C] () -- C:\Program Files\magengin.ini
[2011/10/18 15:23:46 | 000,003,074 | ---- | C] () -- C:\Program Files\dtype.inf
[2011/10/18 15:23:46 | 000,002,623 | ---- | C] () -- C:\Program Files\autofill.conf
[2011/10/18 15:23:46 | 000,000,382 | ---- | C] () -- C:\Program Files\BrowserConfig.xml
[2011/10/18 15:23:46 | 000,000,291 | ---- | C] () -- C:\Program Files\checkupdate.set
[2011/10/18 15:23:46 | 000,000,069 | ---- | C] () -- C:\Program Files\ActivateWebsite.set
[2011/10/18 15:23:46 | 000,000,042 | ---- | C] () -- C:\Program Files\ccv.inf
[2011/02/10 16:52:00 | 003,231,912 | ---- | C] () -- C:\Users\Elayna\fullmooninFdemo.mp3
[2011/02/10 16:48:28 | 000,000,074 | ---- | C] () -- C:\Users\Elayna\MICHELLE_MOUCK-Come_Dance_wi-clip-0-47.m3u
[2011/02/10 16:47:39 | 000,000,076 | ---- | C] () -- C:\Users\Elayna\MICHELLE_MOUCK-New_Song_for_-clip-70-135.m3u
[2011/02/10 16:46:32 | 000,000,074 | ---- | C] () -- C:\Users\Elayna\MICHELLE_MOUCK-The_Secret_of-clip-0-43.m3u
[2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/03 08:31:52 | 000,093,714 | ---- | C] () -- C:\Users\Elayna\Bassoprofundo24k.mp3
[2010/06/03 08:27:01 | 000,041,135 | ---- | C] () -- C:\Users\Elayna\AGLS2.mp3
[2010/06/03 08:25:17 | 000,038,892 | ---- | C] () -- C:\Users\Elayna\gbs.mp3
[2010/06/03 08:24:07 | 000,403,289 | ---- | C] () -- C:\Users\Elayna\YCS.mp3
[2010/06/03 08:20:54 | 000,040,728 | ---- | C] () -- C:\Users\Elayna\jws.mp3
[2010/03/03 18:17:50 | 003,276,050 | ---- | C] () -- C:\Users\Elayna\SKMBT_C55010030304580.pdf
[2009/09/01 20:09:59 | 000,000,801 | ---- | C] () -- C:\Users\Elayna\Citizens Bank Online®.mht
[2009/07/21 18:18:42 | 000,014,187 | ---- | C] () -- C:\Users\Elayna\12319_1a66fc7a-c5c4-42ef-912f-9ed073848f3d.pdf
[2009/04/22 16:45:14 | 000,003,584 | ---- | C] () -- C:\Users\Elayna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/23 17:18:47 | 000,000,680 | ---- | C] () -- C:\Users\Elayna\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 PM

Posted 18 August 2012 - 01:51 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox shown in the image. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2:64bit: - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
    O4 - Startup: C:\Users\Default\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Elayna\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Nathan\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Stonewall Jackson\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk = File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 
    IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1550
    IE - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\SearchScopes\{DFF8CD8E-E1DD-44CE-B20A-6DAD8778C936}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TXUS&apn_uid=E3BAE78C-FE8C-44DD-8561-31E8A0443BBE&apn_sauid=6869C604-657E-4CDD-93F2-8D430CBA711E&
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2589664663-3146710051-920947708-1002\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
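As an added post-fix check for this thread (not part of gringo_pr's instructions, of the OTL script above, or of OTL itself), the PowerShell script below re-checks, after the reboot, whether the items the OTL script targets are really gone: the three BHO/toolbar CLSIDs, the two per-user IE search scopes, the Ask toolbar DLL on disk, and the two alternate data streams on C:\ProgramData\TEMP. The CLSIDs, GUIDs, path and stream names are the ones from the script; the script structure and output are this example's own. It assumes PowerShell 3.0 or later (Get-Item -Stream does not exist in the 2.0 that ships for Vista) and checks the current user's hive (HKCU) where the OTL script named a specific SID under HKU.

```powershell
# Added example: verify that the items targeted by the OTL fix are gone.
# Assumes PowerShell 3.0+ (for Get-Item -Stream) and is run as the affected user.

$bhoRoots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$bhoClsids = @(
    '{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}',   # O2:64bit BHO, no CLSID value found
    '{7E853D72-626A-48EC-A868-BA8D5E23E045}',   # O2 BHO, no CLSID value found
    '{D4027C7F-154A-4066-A1AD-4243D8127440}'    # Ask Toolbar BHO / toolbar
)
$searchScopes = @(
    '{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}',   # search-results.com scope
    '{DFF8CD8E-E1DD-44CE-B20A-6DAD8778C936}'    # websearch.ask.com scope
)
$askDll = 'C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll'
$adsHost = 'C:\ProgramData\TEMP'               # carried the DFC5A2B2 / 430C6D84 streams

$findings = @()

# 1. BHO registrations in both the native and the WOW6432Node registry views.
foreach ($root in $bhoRoots) {
    foreach ($clsid in $bhoClsids) {
        $key = Join-Path $root $clsid
        if (Test-Path -LiteralPath $key) { $findings += "BHO still registered: $key" }
    }
}

# 2. IE toolbar registrations (machine-wide value named after the CLSID).
foreach ($clsid in $bhoClsids) {
    $tb = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar' `
                           -Name $clsid -ErrorAction SilentlyContinue
    if ($tb) { $findings += "Toolbar value still present: $clsid" }
}

# 3. Per-user IE search scopes; report the URL so a re-added scope is visible.
foreach ($scope in $searchScopes) {
    $p = "HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\$scope"
    if (Test-Path -LiteralPath $p) {
        $url = (Get-ItemProperty -LiteralPath $p).URL
        $findings += "Search scope still present: $scope -> $url"
    }
}

# 4. The toolbar DLL that OTL reported as moved.
if (Test-Path -LiteralPath $askDll) { $findings += "File still present: $askDll" }

# 5. Named alternate data streams on C:\ProgramData\TEMP. ':$DATA' is the
#    ordinary default stream and is filtered out; anything else is reported.
if (Test-Path -LiteralPath $adsHost) {
    $streams = Get-Item -LiteralPath $adsHost -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "ADS still present: ${adsHost}:$($s.Stream) ($($s.Length) bytes)"
    }
}

if ($findings.Count -eq 0) {
    'All items targeted by the OTL script are gone.'
} else {
    $findings
}
```

Anything the script prints is something the OTL fix either did not remove or that has been re-created since the reboot; a re-created BHO or search scope after a successful fix is the kind of sign a helper would want to see in the next reply rather than a clean log alone.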

#15 elayna_j

elayna_j
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:24 PM

Posted 20 August 2012 - 02:01 PM

Hello Gringo,
So far the PC is running fine. I ran OTL with the code you gave me and after the reboot, the notebook .txt file popped up - and it's totally blank. Is that normal??


Edit: 15 mins later - the log finally decided to show itself(?)!

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
C:\Users\Default\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\Elayna\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk moved successfully.
C:\Users\Nathan\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk moved successfully.
C:\Users\Stonewall Jackson\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Microsoft\Internet Explorer\SearchScopes\{DFF8CD8E-E1DD-44CE-B20A-6DAD8778C936}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFF8CD8E-E1DD-44CE-B20A-6DAD8778C936}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2589664663-3146710051-920947708-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Elayna\Desktop\cmd.bat deleted successfully.
C:\Users\Elayna\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Elayna
->Java cache emptied: 27833823 bytes

User: Nathan
->Java cache emptied: 19735692 bytes

User: Public

User: Stonewall Jackson
->Java cache emptied: 13307059 bytes

Total Java Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Elayna
->Flash cache emptied: 42235 bytes

User: Nathan
->Flash cache emptied: 21296 bytes

User: Public

User: Stonewall Jackson
->Flash cache emptied: 1814 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08202012_144511

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk not found!

PendingFileRenameOperations files...
File C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk not found!

Registry entries deleted on Reboot...

Edited by elayna_j, 20 August 2012 - 02:16 PM.




