Win7 computer - Random lockups and reoccurring infection


  • This topic is locked
40 replies to this topic

#1 Joe Adam

Posted 22 August 2012 - 10:34 AM

Hi all, I really need your help. I have a recurring issue with random lockups and a reoccurring virus/rootkit:

c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll

We use ComboFix at work, so I ran it on my one-year-old computer. One of the ones listed above (don't remember which) will reappear after a couple of days.

Also, when my computer locks up, I notice that the hard drive is thrashing a lot.

Some background: I've run complete system diagnostics, and all hardware passes. I was running Avast A/V but took it off and installed the AVG A/V suite.

I also have the latest version of Malwarebytes installed.

The computer is fully patched with the latest AV updates and windows updates.

Can someone please help me squash these viruses/rootkits?

Thanks,
Joe

Below is the dds.txt log, and I have attached Attach.txt as requested in the notes on prepping for help.

Attached File: Attach.txt (31.16KB)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Joe at 12:15:14 on 2012-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.8664 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\dleecoms.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\inetsrv\wmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\SysWOW64\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [SkyDrive] "C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
dRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIFE82~1\WEB2~1\Office12\REFIEBAR.DLL
Trusted Zone: battlefield.com\battlelog
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB846AE8-460F-4483-BA29-EE029CCF5E75} : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rl4783jb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://start.roboform.com
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tclondrv;tclondrv;C:\Windows\system32\DRIVERS\tclondrv.sys --> C:\Windows\system32\DRIVERS\tclondrv.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\system32\DRIVERS\vsflt67.sys --> C:\Windows\system32\DRIVERS\vsflt67.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-5-21 3459024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-5-21 788000]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-10 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-7-18 80448]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-9-22 210792]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-19 66560]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-10 1258856]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-5-3 1302072]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-5-3 681016]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-10 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-2-13 7515000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-2-13 552312]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-8-10 927840]
R2 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/10 11:38:30;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-4-26 232944]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleeserv.exe [2011-8-15 45224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-15 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-15 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-8-15 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DrmRAudio;DrmRAudio;C:\Windows\system32\drivers\DrmRAudio.sys --> C:\Windows\system32\drivers\DrmRAudio.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-18 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-30 129976]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-22 15:46:19 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-08-22 15:07:55 -------- d-----w- C:\Program Files\CCleaner
2012-08-22 14:45:22 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B31C07F-AE92-45F5-A436-1D64196519E2}\mpengine.dll
2012-08-22 14:06:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-22 13:53:18 -------- d-----w- C:\ComboFix
2012-08-22 13:30:25 -------- d-----w- C:\Program Files (x86)\Microsoft WebMatrix
2012-08-22 13:28:37 -------- d-----w- C:\Program Files (x86)\IIS Express
2012-08-22 13:27:49 -------- d-----w- C:\ProgramData\Package Cache
2012-08-22 13:24:00 -------- d-----w- C:\Program Files\Microsoft
2012-08-22 00:36:48 9309624 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 00:31:55 -------- d-----w- C:\Users\Joe\AppData\Local\GameStop
2012-08-10 19:24:39 -------- d-----w- C:\Users\Joe\AppData\Roaming\AVG
2012-08-10 17:59:00 -------- d-----w- C:\Users\Joe\AppData\Roaming\AVG2012
2012-08-10 17:58:37 -------- d-----w- C:\Users\Joe\AppData\Local\AVG Secure Search
2012-08-10 17:58:31 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-10 17:58:27 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-10 17:58:25 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-10 17:58:25 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-10 17:58:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-10 17:58:08 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-10 17:58:08 -------- d-----w- C:\ProgramData\AVG2012
2012-08-10 17:58:08 -------- d-----w- C:\$AVG
2012-08-10 17:57:58 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-10 17:24:17 -------- d--h--w- C:\ProgramData\Common Files
2012-08-10 17:24:17 -------- d-----w- C:\ProgramData\MFAData
2012-08-10 14:10:16 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-10 14:10:16 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-10 14:10:16 6193000 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-10 14:10:16 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-10 14:10:16 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-10 14:10:16 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-10 13:33:28 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-08-08 22:26:43 -------- d-----w- C:\SkyDriveTemp
2012-07-29 23:44:18 -------- d-----w- C:\ProgramData\kinoma
2012-07-29 23:32:26 -------- d-----w- C:\ProgramData\Sony Corporation
2012-07-29 23:32:21 -------- d-----w- C:\Users\Joe\AppData\Local\kinoma
2012-07-29 23:31:42 -------- d-----w- C:\Users\Joe\AppData\Local\Sony Corporation
2012-07-29 23:31:38 -------- d-----w- C:\Program Files (x86)\Sony
2012-07-29 23:31:38 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-26 10:34:51 -------- d-----w- C:\Users\Joe\AppData\Roaming\JustCode
2012-07-26 10:34:51 -------- d-----w- C:\Users\Joe\AppData\Local\JustCode
.
==================== Find3M ====================
.
2012-08-15 14:23:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 14:23:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 23:05:56 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-06 23:05:56 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-06 23:04:54 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-06 00:35:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-06-28 21:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-06-27 00:56:53 3166792 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-06-22 14:17:31 86584 ----a-w- C:\Windows\SysWow64\drivers\adfs.sys
2012-06-22 14:17:31 86584 ----a-w- C:\Windows\System32\drivers\adfs.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 01:55:59 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 12:16:01.97 ===============

Edited by Joe Adam, 22 August 2012 - 12:51 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:33 AM

Posted 26 August 2012 - 08:57 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 Joe Adam

Joe Adam
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 27 August 2012 - 02:35 PM

Hi M0le, thanks for the assist. Log from aswMBR is below....

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 14:51:00
-----------------------------
14:51:00.586 OS Version: Windows x64 6.1.7601 Service Pack 1
14:51:00.586 Number of processors: 8 586 0x1A05
14:51:00.587 ComputerName: JUPITER UserName: Joe
14:51:06.280 Initialize success
14:51:36.230 AVAST engine defs: 12082700
14:51:43.041 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:51:43.043 Disk 0 Vendor: ST320006 CC43 Size: 1907729MB BusType: 3
14:51:43.047 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:51:43.050 Disk 1 Vendor: ST310005 CC37 Size: 953869MB BusType: 3
14:51:43.058 Disk 0 MBR read successfully
14:51:43.061 Disk 0 MBR scan
14:51:43.067 Disk 0 Windows VISTA default MBR code
14:51:43.072 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:51:43.082 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16645 MB offset 80325
14:51:43.098 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1891041 MB offset 34170255
14:51:43.119 Disk 0 scanning C:\Windows\system32\drivers
14:51:58.834 Service scanning
14:52:26.811 Modules scanning
14:52:26.823 Disk 0 trace - called modules:
14:52:26.852 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStor.sys hal.dll
14:52:26.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae90790]
14:52:26.865 3 CLASSPNP.SYS[fffff8800176443f] -> nt!IofCallDriver -> [0xfffffa800adc3b30]
14:52:26.871 5 vsflt67.sys[fffff88000e127cd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800abaf050]
14:52:38.492 AVAST engine scan C:\Windows
14:52:42.963 AVAST engine scan C:\Windows\system32
14:57:20.412 AVAST engine scan C:\Windows\system32\drivers
14:57:34.182 AVAST engine scan C:\Users\Joe
15:07:42.231 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Downloads\Virus Killer Stuff\MBR.dat"
15:07:42.232 The log file has been saved successfully to "C:\Users\Joe\Downloads\Virus Killer Stuff\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 15:08:20
-----------------------------
15:08:20.867 OS Version: Windows x64 6.1.7601 Service Pack 1
15:08:20.868 Number of processors: 8 586 0x1A05
15:08:20.868 ComputerName: JUPITER UserName: Joe
15:08:27.685 Initialize success
15:08:31.880 AVAST engine defs: 12082700
15:08:40.902 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:08:40.905 Disk 0 Vendor: ST320006 CC43 Size: 1907729MB BusType: 3
15:08:40.911 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:08:40.913 Disk 1 Vendor: ST310005 CC37 Size: 953869MB BusType: 3
15:08:40.949 Disk 0 MBR read successfully
15:08:40.951 Disk 0 MBR scan
15:08:40.954 Disk 0 Windows VISTA default MBR code
15:08:40.956 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:08:40.959 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16645 MB offset 80325
15:08:40.963 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1891041 MB offset 34170255
15:08:40.983 Disk 0 scanning C:\Windows\system32\drivers
15:08:52.883 Service scanning
15:09:16.975 Modules scanning
15:09:16.988 Disk 0 trace - called modules:
15:09:17.009 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStor.sys hal.dll
15:09:17.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae90790]
15:09:17.024 3 CLASSPNP.SYS[fffff8800176443f] -> nt!IofCallDriver -> [0xfffffa800adc3b30]
15:09:17.032 5 vsflt67.sys[fffff88000e127cd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800abaf050]
15:09:38.183 AVAST engine scan C:\Windows
15:09:59.756 AVAST engine scan C:\Windows\system32
15:14:05.429 AVAST engine scan C:\Windows\system32\drivers
15:14:24.896 AVAST engine scan C:\Users\Joe
15:15:23.094 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Downloads\Virus Killer Stuff\MBR.dat"
15:15:23.099 The log file has been saved successfully to "C:\Users\Joe\Downloads\Virus Killer Stuff\aswMBR.txt"

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:33 AM

Posted 27 August 2012 - 06:42 PM

One of the ones listed above (don't remember which) will reappear after a couple of days.


If it is reappearing then there is a rootkit still here.


Can you run FRST

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#5 Joe Adam

Joe Adam
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 27 August 2012 - 07:50 PM

Here's the requested frst log file:

Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 27-08-2012 20:47:00
Running from I:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [dleemon.exe] "C:\Program Files (x86)\Dell V715w\dleemon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V715w\ezprint.exe" [139944 2011-01-23] ()
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-04-26] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
HKLM-x32\...\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s [316072 2011-01-23] ()
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955000 2012-04-27] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2012-06-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2012-01-31] (Sony Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1162848 2012-08-10] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-08-10] ()
HKU\Joe\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-15] (Google Inc.)
HKU\Joe\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Joe\...\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.)
HKU\Joe\...\Run: [SkyDrive] "C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [238528 2012-08-18] (Microsoft Corporation)
HKU\Joe\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-08-24] (Siber Systems)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1132824 2012-04-27] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-21] (Acronis)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2011-08-15] (Creative Labs)
2 dleeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [45224 2010-05-21] ()
2 dlee_device; C:\Windows\system32\dleecoms.exe -service [1052328 2010-05-21] ( )
2 dlee_device; C:\Windows\SysWow64\dleecoms.exe -service [598696 2010-05-21] ( )
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [80448 2012-07-18] (Microsoft Corporation)
2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210792 2011-09-22] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)
2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [58345832 2011-09-22] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-24] ()
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1302072 2012-05-03] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [681016 2012-05-03] (Secunia)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)
3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [431464 2011-09-22] (Microsoft Corporation)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 syncagentsrv; "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5914912 2012-04-27] (Acronis)
2 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-08-10] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]

==================== Drivers (Whitelisted) ===================

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [367200 2012-05-21] (Acronis)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-10] (AVG Technologies)
3 DrmRAudio; C:\Windows\System32\Drivers\DrmRAudio.sys [34048 2012-04-26] (Windows ® Win 7 DDK provider)
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [137312 2012-05-21] (Acronis)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [320096 2012-05-21] (Acronis)
0 tclondrv; C:\Windows\System32\Drivers\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [1294432 2012-05-21] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [994912 2012-05-21] (Acronis)
0 vididr; C:\Windows\System32\Drivers\vididr.sys [211552 2012-05-21] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [146528 2012-05-21] (Acronis)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-27 20:46 - 2012-08-27 20:47 - 00000000 ____D C:\FRST
2012-08-27 14:32 - 2012-08-27 14:32 - 00000000 ____D C:\Users\Joe\My Documents\TuneClone
2012-08-27 14:32 - 2012-08-27 14:32 - 00000000 ____D C:\Users\Joe\Documents\TuneClone
2012-08-25 09:51 - 2012-08-25 09:51 - 00000000 ____D C:\Users\Joe\Downloads\GRFSExtras
2012-08-25 09:50 - 2012-08-25 09:50 - 00000000 ____D C:\Users\Joe\Downloads\GRFS_THEME
2012-08-25 01:23 - 2012-08-25 01:23 - 00279411 ____N C:\Windows\Minidump\082512-49748-01.dmp
2012-08-25 01:10 - 2012-08-25 01:10 - 00000000 ____A C:\Users\Joe\Downloads\Ubisof-Uplay-Avatars-BOY.zip
2012-08-24 22:34 - 2012-08-24 22:34 - 184720916 ____A C:\Users\Joe\Downloads\GRFSExtras.zip
2012-08-24 19:04 - 2012-08-24 19:04 - 12726496 ____A (Siber Systems) C:\Users\Joe\Downloads\AiRoboForm.exe
2012-08-23 19:01 - 2012-08-23 19:01 - 00003155 ____A C:\Users\Joe\Desktop\Sophos Virus Removal Tool.lnk
2012-08-23 19:01 - 2012-08-23 19:01 - 00000000 ____D C:\Users\All Users\Sophos
2012-08-23 19:01 - 2012-08-23 19:01 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-08-23 19:01 - 2012-08-23 19:01 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-08-23 18:49 - 2012-08-23 18:49 - 04765592 ____A (Piriform Ltd) C:\Users\Joe\Downloads\spsetup117.exe
2012-08-23 18:49 - 2012-08-23 18:49 - 00000758 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-08-23 18:49 - 2012-08-23 18:49 - 00000758 ____A C:\Users\All Users\Desktop\Speccy.lnk
2012-08-23 18:49 - 2012-08-23 18:49 - 00000000 ____D C:\Program Files\Speccy
2012-08-22 11:13 - 2012-08-27 19:30 - 00000000 ____D C:\Users\Joe\Downloads\Virus Killer Stuff
2012-08-22 11:13 - 2012-08-22 11:13 - 00000000 ____A C:\Users\Joe\defogger_reenable
2012-08-22 10:15 - 2012-08-22 10:15 - 00003558 ____A C:\Users\Joe\My Documents\startup.txt
2012-08-22 10:15 - 2012-08-22 10:15 - 00003558 ____A C:\Users\Joe\Documents\startup.txt
2012-08-22 09:15 - 2012-08-22 09:15 - 00107405 ____A C:\ComboFix.txt
2012-08-22 08:53 - 2012-08-22 09:15 - 00000000 ____D C:\ComboFix
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\Local Settings\dt.dat
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\Local Settings\Application Data\dt.dat
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\AppData\Local\dt.dat
2012-08-22 08:30 - 2012-08-22 08:30 - 00000000 ____D C:\Users\Joe\My Documents\IISExpress
2012-08-22 08:30 - 2012-08-22 08:30 - 00000000 ____D C:\Users\Joe\Documents\IISExpress
2012-08-22 08:30 - 2012-08-22 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft WebMatrix
2012-08-22 08:29 - 2012-08-22 08:29 - 00000026 ____A C:\Windows\System32\HostingLog-082212092917.log
2012-08-22 08:28 - 2012-08-22 08:28 - 00000000 ____D C:\Program Files (x86)\IIS Express
2012-08-22 08:27 - 2012-08-22 08:27 - 00000000 ____D C:\Users\All Users\Package Cache
2012-08-22 08:27 - 2012-08-22 08:27 - 00000000 ____D C:\Users\All Users\Application Data\Package Cache
2012-08-22 08:22 - 2012-08-22 08:22 - 00095960 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\webmatrix.3f.3f.3fnew.exe
2012-08-21 21:23 - 2012-08-21 21:23 - 02193345 ____A C:\Users\Joe\Downloads\tdsskiller (2).zip
2012-08-21 19:31 - 2012-08-21 19:31 - 00000000 ____D C:\Users\Joe\Local Settings\GameStop
2012-08-21 19:31 - 2012-08-21 19:31 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\GameStop
2012-08-21 19:31 - 2012-08-21 19:31 - 00000000 ____D C:\Users\Joe\AppData\Local\GameStop
2012-08-21 19:00 - 2012-08-21 19:00 - 00985600 ____A C:\Users\Joe\Downloads\MicrosoftFixit50123.msi
2012-08-20 16:33 - 2012-08-21 21:24 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Joe\Downloads\TDSSKiller.exe
2012-08-18 13:51 - 2012-08-18 13:51 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-18 13:51 - 2012-08-18 13:51 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-08-15 02:37 - 2012-08-15 02:37 - 01810016 ____A C:\Windows\Minidump\081512-42557-01.dmp
2012-08-10 14:24 - 2012-08-10 14:25 - 00000000 ____D C:\Users\Joe\Application Data\AVG
2012-08-10 14:24 - 2012-08-10 14:25 - 00000000 ____D C:\Users\Joe\AppData\Roaming\AVG
2012-08-10 14:23 - 2012-08-10 14:23 - 00001148 ____A C:\Users\Joe\Desktop\AVG PC Tuneup 2011.lnk
2012-08-10 14:22 - 2012-08-10 14:22 - 08351040 ____A (AVG ) C:\Users\Joe\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-10 12:59 - 2012-08-10 12:59 - 00000000 ____D C:\Users\Joe\Application Data\AVG2012
2012-08-10 12:59 - 2012-08-10 12:59 - 00000000 ____D C:\Users\Joe\AppData\Roaming\AVG2012
2012-08-10 12:58 - 2012-08-27 07:29 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-10 12:58 - 2012-08-22 08:38 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-10 12:58 - 2012-08-22 08:38 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2012-08-10 12:58 - 2012-08-10 13:10 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-10 12:58 - 2012-08-10 13:10 - 00000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-08-10 12:58 - 2012-08-10 12:58 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-10 12:58 - 2012-08-10 12:58 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-10 12:58 - 2012-08-10 12:58 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-10 12:58 - 2012-08-10 12:58 - 00000214 ____A C:\Windows\Tasks\SidebarExecute.job
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\Users\Joe\Local Settings\AVG Secure Search
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\AVG Secure Search
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\Users\Joe\AppData\Local\AVG Secure Search
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-10 12:58 - 2012-08-10 12:58 - 00000000 ____D C:\$AVG
2012-08-10 12:57 - 2012-08-10 14:23 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-10 12:24 - 2012-08-27 19:30 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-10 12:24 - 2012-08-27 19:30 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-08-10 12:24 - 2012-08-10 12:24 - 03879800 ____A (AVG Technologies) C:\Users\Joe\Downloads\avg_isct_stb_all_2012_2197_cnet.exe
2012-08-10 09:13 - 2012-08-10 09:13 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-08-10 09:13 - 2012-08-10 08:58 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\SoftThinks
2012-08-10 09:13 - 2012-08-10 08:58 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\Application Data\SoftThinks
2012-08-10 09:13 - 2012-08-10 08:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\SoftThinks
2012-08-10 09:13 - 2012-06-18 12:40 - 00000000 ____D C:\Users\UpdatusUser\Application Data\Macromedia
2012-08-10 09:13 - 2012-06-18 12:40 - 00000000 ____D C:\Users\UpdatusUser\Application Data\Adobe
2012-08-10 09:13 - 2012-06-18 12:40 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-08-10 09:13 - 2012-06-18 12:40 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
2012-08-10 09:13 - 2012-01-17 21:24 - 00000000 ____D C:\Users\UpdatusUser\Application Data\onOne Software
2012-08-10 09:13 - 2012-01-17 21:24 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software
2012-08-10 09:13 - 2011-09-16 08:24 - 00000000 ____D C:\Users\UpdatusUser\My Documents\Visual Studio 2010
2012-08-10 09:13 - 2011-09-16 08:24 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2010
2012-08-10 09:13 - 2011-08-19 18:35 - 00000000 ____D C:\Users\UpdatusUser\My Documents\Visual Studio 2005
2012-08-10 09:13 - 2011-08-19 18:35 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\Microsoft Help
2012-08-10 09:13 - 2011-08-19 18:35 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\Application Data\Microsoft Help
2012-08-10 09:13 - 2011-08-19 18:35 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2005
2012-08-10 09:13 - 2011-08-19 18:35 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2012-08-10 09:10 - 2012-06-28 18:56 - 02667062 ____A C:\Windows\System32\nvcoproc.bin
2012-08-10 09:10 - 2012-06-28 18:55 - 06193000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-08-10 09:10 - 2012-06-28 18:55 - 03266408 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-08-10 09:10 - 2012-06-28 18:55 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-08-10 09:10 - 2012-06-28 18:55 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-08-10 09:10 - 2012-06-28 18:55 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 26226536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 19828072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 18228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 15290216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 14806376 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 13365608 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-10 09:07 - 2012-06-28 22:37 - 12388712 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 09164648 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 07699304 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 02744680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 02723688 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 02573160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 02216296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 01865064 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 01758056 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 00969064 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 00828264 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-08-10 09:07 - 2012-06-28 22:37 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-08-10 09:07 - 2012-05-21 08:10 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-08-10 09:07 - 2012-05-21 08:10 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-08-10 08:33 - 2012-08-10 08:33 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-08-10 08:33 - 2012-08-10 08:33 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA Corporation
2012-08-08 17:58 - 2012-08-08 17:58 - 00001254 ____A C:\Users\Joe\Desktop\Telerik Control Panel.lnk
2012-08-08 17:53 - 2012-08-22 07:59 - 00279401 ____A C:\Windows\Minidump\082212-35069-01.dmp
2012-08-08 17:53 - 2012-08-08 17:53 - 00282784 ____A C:\Windows\Minidump\080812-36036-01.dmp
2012-08-08 17:45 - 2012-08-08 17:46 - 00000000 ____D C:\Users\Joe\Downloads\Telerik Updates
2012-08-07 18:53 - 2012-08-07 18:53 - 120051541 ____A C:\Users\Joe\Downloads\simpleweddingphotography.zip
2012-08-07 18:53 - 2012-08-07 18:53 - 00000000 ____D C:\Users\Joe\Downloads\simpleweddingphotography
2012-08-02 19:23 - 2012-08-02 19:23 - 02117108 ____A C:\Users\Joe\Downloads\tdsskiller (1).zip
2012-07-31 22:16 - 2012-07-31 22:36 - 00000000 ____D C:\Users\Joe\Downloads\Sarina Doc's
2012-07-29 21:36 - 2012-07-29 21:36 - 48359936 ____A C:\Users\Joe\Downloads\calibre-0.8.62.msi
2012-07-29 18:44 - 2012-07-29 18:44 - 00000000 ____D C:\Users\All Users\kinoma
2012-07-29 18:44 - 2012-07-29 18:44 - 00000000 ____D C:\Users\All Users\Application Data\kinoma
2012-07-29 18:34 - 2012-07-29 18:34 - 00279446 ____A C:\Windows\Minidump\072912-45240-01.dmp
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\My Documents\My Books
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\Local Settings\kinoma
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\kinoma
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\Documents\My Books
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\Application Data\Sony Corporation
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Sony Corporation
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\Joe\AppData\Local\kinoma
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\All Users\Sony Corporation
2012-07-29 18:32 - 2012-07-29 18:32 - 00000000 ____D C:\Users\All Users\Application Data\Sony Corporation
2012-07-29 18:31 - 2012-07-29 18:31 - 00002067 ____A C:\Users\Public\Desktop\Reader for PC.lnk
2012-07-29 18:31 - 2012-07-29 18:31 - 00002067 ____A C:\Users\All Users\Desktop\Reader for PC.lnk
2012-07-29 18:31 - 2012-07-29 18:31 - 00000000 ____D C:\Users\Joe\Local Settings\Sony Corporation
2012-07-29 18:31 - 2012-07-29 18:31 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\Sony Corporation
2012-07-29 18:31 - 2012-07-29 18:31 - 00000000 ____D C:\Users\Joe\AppData\Local\Sony Corporation
2012-07-29 18:31 - 2012-07-29 18:31 - 00000000 ____D C:\Program Files (x86)\Sony
2012-07-29 18:01 - 2012-07-29 18:01 - 00000081 ____A C:\Users\All Users\dlee.log
2012-07-29 18:01 - 2012-07-29 18:01 - 00000081 ____A C:\Users\All Users\Application Data\dlee.log

==================== 3 Months Modified Files ================================

2012-08-27 19:35 - 2009-07-14 00:13 - 01084810 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-27 19:34 - 2011-08-15 13:28 - 00042953 ____A C:\Users\All Users\dleescan.log
2012-08-27 19:34 - 2011-08-15 13:28 - 00042953 ____A C:\Users\All Users\Application Data\dleescan.log
2012-08-27 19:23 - 2012-04-08 08:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-27 19:23 - 2011-08-15 09:56 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-27 17:22 - 2011-08-15 09:56 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-27 14:49 - 2011-08-15 18:35 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-08-27 14:49 - 2011-08-15 16:57 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-08-27 14:41 - 2011-08-10 11:22 - 01330459 ____A C:\Windows\WindowsUpdate.log
2012-08-27 14:41 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-27 14:41 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 14:30 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-27 14:30 - 2009-07-13 23:51 - 00099389 ____A C:\Windows\setupact.log
2012-08-26 22:06 - 2011-08-25 19:06 - 00026440 ____A C:\Users\All Users\dleeJSW.log
2012-08-26 22:06 - 2011-08-25 19:06 - 00026440 ____A C:\Users\All Users\Application Data\dleeJSW.log
2012-08-26 21:32 - 2012-01-25 20:47 - 00000370 ____A C:\Users\All Users\dleeDiagnostics.log
2012-08-26 21:32 - 2012-01-25 20:47 - 00000370 ____A C:\Users\All Users\Application Data\dleeDiagnostics.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00012797 ____A C:\Users\Joe\My Documents\PerfectLayersConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00012797 ____A C:\Users\Joe\Documents\PerfectLayersConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00011728 ____A C:\Users\Joe\My Documents\PerfectEffectsConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00011728 ____A C:\Users\Joe\Documents\PerfectEffectsConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00010587 ____A C:\Users\Joe\My Documents\PerfectPortraitConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00010587 ____A C:\Users\Joe\Documents\PerfectPortraitConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00006105 ____A C:\Users\Joe\My Documents\PhotoFrameConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00006105 ____A C:\Users\Joe\Documents\PhotoFrameConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00006006 ____A C:\Users\Joe\My Documents\GenuineFractalsConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00006006 ____A C:\Users\Joe\Documents\GenuineFractalsConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00005889 ____A C:\Users\Joe\My Documents\FocalPointConduit.log
2012-08-25 14:54 - 2012-01-18 07:11 - 00005889 ____A C:\Users\Joe\Documents\FocalPointConduit.log
2012-08-25 09:53 - 2011-08-15 16:57 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-25 01:23 - 2012-08-25 01:23 - 00279411 ____N C:\Windows\Minidump\082512-49748-01.dmp
2012-08-25 01:10 - 2012-08-25 01:10 - 00000000 ____A C:\Users\Joe\Downloads\Ubisof-Uplay-Avatars-BOY.zip
2012-08-24 22:34 - 2012-08-24 22:34 - 184720916 ____A C:\Users\Joe\Downloads\GRFSExtras.zip
2012-08-24 22:20 - 2011-08-15 16:57 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-24 19:04 - 2012-08-24 19:04 - 12726496 ____A (Siber Systems) C:\Users\Joe\Downloads\AiRoboForm.exe
2012-08-23 19:01 - 2012-08-23 19:01 - 00003155 ____A C:\Users\Joe\Desktop\Sophos Virus Removal Tool.lnk
2012-08-23 18:49 - 2012-08-23 18:49 - 04765592 ____A (Piriform Ltd) C:\Users\Joe\Downloads\spsetup117.exe
2012-08-23 18:49 - 2012-08-23 18:49 - 00000758 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-08-23 18:49 - 2012-08-23 18:49 - 00000758 ____A C:\Users\All Users\Desktop\Speccy.lnk
2012-08-22 11:13 - 2012-08-22 11:13 - 00000000 ____A C:\Users\Joe\defogger_reenable
2012-08-22 10:15 - 2012-08-22 10:15 - 00003558 ____A C:\Users\Joe\My Documents\startup.txt
2012-08-22 10:15 - 2012-08-22 10:15 - 00003558 ____A C:\Users\Joe\Documents\startup.txt
2012-08-22 09:15 - 2012-08-22 09:15 - 00107405 ____A C:\ComboFix.txt
2012-08-22 09:06 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-22 09:04 - 2010-11-20 22:47 - 00102290 ____A C:\Windows\PFRO.log
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\Local Settings\dt.dat
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\Local Settings\Application Data\dt.dat
2012-08-22 08:38 - 2012-08-22 08:38 - 00027520 ____A C:\Users\Joe\AppData\Local\dt.dat
2012-08-22 08:29 - 2012-08-22 08:29 - 00000026 ____A C:\Windows\System32\HostingLog-082212092917.log
2012-08-22 08:22 - 2012-08-22 08:22 - 00095960 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\webmatrix.3f.3f.3fnew.exe
2012-08-22 07:59 - 2012-08-08 17:53 - 00279401 ____A C:\Windows\Minidump\082212-35069-01.dmp
2012-08-21 21:24 - 2012-08-20 16:33 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Joe\Downloads\TDSSKiller.exe
2012-08-21 21:23 - 2012-08-21 21:23 - 02193345 ____A C:\Users\Joe\Downloads\tdsskiller (2).zip
2012-08-21 19:00 - 2012-08-21 19:00 - 00985600 ____A C:\Users\Joe\Downloads\MicrosoftFixit50123.msi
2012-08-18 13:51 - 2012-08-18 13:51 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-18 13:51 - 2012-08-18 13:51 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-08-15 09:23 - 2012-04-08 08:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 09:23 - 2011-08-10 11:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-15 02:37 - 2012-08-15 02:37 - 01810016 ____A C:\Windows\Minidump\081512-42557-01.dmp
2012-08-15 02:00 - 2011-08-15 10:19 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-10 14:23 - 2012-08-10 14:23 - 00001148 ____A C:\Users\Joe\Desktop\AVG PC Tuneup 2011.lnk
2012-08-10 14:22 - 2012-08-10 14:22 - 08351040 ____A (AVG ) C:\Users\Joe\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-10 12:58 - 2012-08-10 12:58 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-10 12:58 - 2012-08-10 12:58 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-10 12:58 - 2012-08-10 12:58 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-10 12:58 - 2012-08-10 12:58 - 00000214 ____A C:\Windows\Tasks\SidebarExecute.job
2012-08-10 12:54 - 2011-08-15 11:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-10 12:24 - 2012-08-10 12:24 - 03879800 ____A (AVG Technologies) C:\Users\Joe\Downloads\avg_isct_stb_all_2012_2197_cnet.exe
2012-08-10 09:13 - 2012-08-10 09:13 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-08-08 17:58 - 2012-08-08 17:58 - 00001254 ____A C:\Users\Joe\Desktop\Telerik Control Panel.lnk
2012-08-08 17:53 - 2012-08-08 17:53 - 00282784 ____A C:\Windows\Minidump\080812-36036-01.dmp
2012-08-08 17:32 - 2012-06-26 21:45 - 03233712 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-08-07 19:27 - 2012-02-10 20:49 - 00233180 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-08-07 18:53 - 2012-08-07 18:53 - 120051541 ____A C:\Users\Joe\Downloads\simpleweddingphotography.zip
2012-08-02 19:23 - 2012-08-02 19:23 - 02117108 ____A C:\Users\Joe\Downloads\tdsskiller (1).zip
2012-08-02 19:00 - 2009-07-14 00:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-29 21:37 - 2012-06-06 12:37 - 00000962 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-29 21:37 - 2012-06-06 12:37 - 00000962 ____A C:\Users\All Users\Desktop\calibre - E-book management.lnk
2012-07-29 21:36 - 2012-07-29 21:36 - 48359936 ____A C:\Users\Joe\Downloads\calibre-0.8.62.msi
2012-07-29 18:43 - 2011-08-15 09:18 - 00140520 ____A C:\Users\Joe\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-29 18:43 - 2011-08-15 09:18 - 00140520 ____A C:\Users\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-29 18:43 - 2011-08-15 09:18 - 00140520 ____A C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-29 18:43 - 2009-07-13 23:45 - 05075720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-29 18:34 - 2012-07-29 18:34 - 00279446 ____A C:\Windows\Minidump\072912-45240-01.dmp
2012-07-29 18:31 - 2012-07-29 18:31 - 00002067 ____A C:\Users\Public\Desktop\Reader for PC.lnk
2012-07-29 18:31 - 2012-07-29 18:31 - 00002067 ____A C:\Users\All Users\Desktop\Reader for PC.lnk
2012-07-29 18:01 - 2012-07-29 18:01 - 00000081 ____A C:\Users\All Users\dlee.log
2012-07-29 18:01 - 2012-07-29 18:01 - 00000081 ____A C:\Users\All Users\Application Data\dlee.log
2012-07-29 17:25 - 2012-05-30 20:31 - 00000395 ____A C:\rkill.log
2012-07-25 07:22 - 2011-08-21 17:46 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-07-25 07:06 - 2012-07-25 07:06 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-07-25 07:06 - 2012-07-25 07:06 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
2012-07-25 06:40 - 2012-07-25 06:40 - 195019295 ____A C:\Users\Joe\Downloads\Sarina.zip.crdownload
2012-07-22 14:25 - 2012-07-22 14:25 - 00279435 ____A C:\Windows\Minidump\072212-34023-01.dmp
2012-07-22 08:49 - 2011-08-15 15:40 - 00000085 ___SH C:\Users\All Users\Application Data\.zreglib
2012-07-22 08:49 - 2011-08-15 15:40 - 00000085 ___SH C:\Users\All Users\.zreglib
2012-07-21 21:39 - 2012-07-21 21:39 - 09830264 ____A C:\Users\Joe\Downloads\SetupAnyDVD7050.exe
2012-07-21 21:39 - 2012-05-21 18:23 - 00001107 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-07-21 21:39 - 2012-05-21 18:23 - 00001107 ____A C:\Users\All Users\Desktop\AnyDVD.lnk
2012-07-18 08:12 - 2012-07-18 08:12 - 00000771 ____A C:\Users\Public\Desktop\World of Tanks.lnk
2012-07-18 08:12 - 2012-07-18 08:12 - 00000771 ____A C:\Users\All Users\Desktop\World of Tanks.lnk
2012-07-18 08:11 - 2012-07-18 08:11 - 07457336 ____A (Wargaming.net ) C:\Users\Joe\Downloads\WoT_internet_install_us.exe
2012-07-17 19:22 - 2012-03-10 19:08 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-17 19:22 - 2012-03-10 19:08 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-17 19:18 - 2012-07-17 19:18 - 00893936 ____A (Oracle Corporation) C:\Users\Joe\Downloads\chromeinstall-7u5.exe
2012-07-17 19:15 - 2012-07-17 19:14 - 176792672 ____A (NVIDIA Corporation) C:\Users\Joe\Downloads\304.79-desktop-win8-win7-winvista-64bit-english-beta.exe
2012-07-17 19:12 - 2012-07-17 18:34 - 00007625 ____A C:\Users\Joe\Local Settings\Resmon.ResmonCfg
2012-07-17 19:12 - 2012-07-17 18:34 - 00007625 ____A C:\Users\Joe\Local Settings\Application Data\Resmon.ResmonCfg
2012-07-17 19:12 - 2012-07-17 18:34 - 00007625 ____A C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2012-07-13 15:53 - 2012-07-13 15:53 - 02115791 ____A C:\Users\Joe\Downloads\tdsskiller.zip
2012-07-13 08:28 - 2012-06-19 12:42 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 08:28 - 2012-06-19 12:42 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-12 07:58 - 2012-07-12 07:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2012-07-11 05:52 - 2012-07-11 05:22 - 00003532 ____A C:\Users\Joe\Desktop\unhide.txt
2012-07-09 20:50 - 2012-07-09 20:49 - 00279386 ____A C:\Windows\Minidump\070912-32120-01.dmp
2012-07-05 21:06 - 2012-07-17 19:22 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 21:06 - 2012-03-10 19:08 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 21:06 - 2011-08-10 11:28 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-05 19:46 - 2012-07-05 19:46 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-05 19:46 - 2012-07-05 19:46 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-05 19:44 - 2012-07-05 19:44 - 04810533 ____A C:\Users\Joe\Downloads\GRFS_THEME.zip
2012-07-05 19:34 - 2011-08-10 11:40 - 00503872 ____A C:\Windows\DirectX.log
2012-07-05 19:31 - 2008-11-12 15:10 - 00846336 ____A C:\Users\Joe\Downloads\pbsetup.exe
2012-07-05 19:29 - 2012-07-05 19:29 - 00735889 ____A C:\Users\Joe\Downloads\pbsetup.zip
2012-07-03 12:46 - 2012-06-19 12:42 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 11:21 - 2012-07-17 08:26 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2012-07-03 11:21 - 2011-08-15 11:04 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 06:45 - 2012-05-21 06:48 - 00000459 ____A C:\Users\Joe\Desktop\Fitbit Dashboard.website
2012-06-28 22:37 - 2012-08-10 09:07 - 26226536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 19828072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 18228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 15290216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 14806376 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 13365608 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-28 22:37 - 2012-08-10 09:07 - 12388712 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 09164648 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 07699304 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 02744680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 02723688 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 02573160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 02216296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 01865064 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 01758056 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 00969064 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 00828264 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-06-28 22:37 - 2012-08-10 09:07 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-06-28 22:37 - 2011-08-10 12:59 - 00060776 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-28 22:37 - 2011-08-10 12:59 - 00052584 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-06-28 22:37 - 2011-08-10 12:58 - 00016048 ____A C:\Windows\System32\nvinfo.pb
2012-06-28 18:56 - 2012-08-10 09:10 - 02667062 ____A C:\Windows\System32\nvcoproc.bin
2012-06-28 18:55 - 2012-08-10 09:10 - 06193000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-28 18:55 - 2012-08-10 09:10 - 03266408 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-06-28 18:55 - 2012-08-10 09:10 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-28 18:55 - 2012-08-10 09:10 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-28 18:55 - 2012-08-10 09:10 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-28 18:52 - 2012-06-19 09:28 - 04566027 ___RA (Swearware) C:\Users\Joe\Downloads\ComboFix.exe
2012-06-28 16:44 - 2012-06-28 16:44 - 00428904 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-06-27 11:11 - 2012-06-27 11:10 - 168454136 ____A (NVIDIA Corporation) C:\Users\Joe\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-06-26 19:52 - 2012-06-26 19:52 - 00000222 ____A C:\Users\Joe\Desktop\Tom Clancy's Ghost Recon Future Soldier.url
2012-06-22 09:17 - 2008-08-14 06:57 - 00086584 ____A (Adobe Systems, Inc.) C:\Windows\SysWOW64\Drivers\adfs.sys
2012-06-22 09:17 - 2008-06-27 06:51 - 00086584 ____A (Adobe Systems, Inc.) C:\Windows\System32\Drivers\adfs.sys
2012-06-21 19:53 - 2012-06-21 19:53 - 12376104 ____A (Siber Systems) C:\Users\Joe\Downloads\AiRoboForm-cnetc.exe
2012-06-19 14:25 - 2012-06-19 14:25 - 00001545 ____A C:\Users\Joe\Desktop\2012-06-Marketplace-Bundle - Shortcut.lnk
2012-06-19 14:23 - 2012-06-19 14:23 - 00000809 ____A C:\Users\Joe\Desktop\Perfect Photo Suite 6.lnk
2012-06-19 14:18 - 2012-06-19 14:18 - 00001120 ____A C:\Users\Joe\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
2012-06-19 12:41 - 2012-06-19 12:41 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup.exe
2012-06-19 09:41 - 2009-07-13 21:34 - 19922944 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-19 09:41 - 2009-07-13 21:34 - 141819904 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-19 09:41 - 2009-07-13 21:34 - 05767168 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-19 09:41 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-19 09:41 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-06-19 09:18 - 2012-06-19 09:18 - 15197480 ____A (Adobe Systems Inc.) C:\Users\Joe\Downloads\AdobeAIRInstaller.exe
2012-06-18 19:06 - 2012-05-31 06:12 - 00001270 ____A C:\Users\Joe\Desktop\Revo Uninstaller.lnk
2012-06-18 14:05 - 2012-06-18 14:05 - 00002029 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk
2012-06-18 14:05 - 2012-06-18 14:05 - 00002029 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk
2012-06-18 12:55 - 2012-06-18 12:55 - 06287670 ____A C:\Users\Joe\Downloads\adobe_creative_suite_cleaner_tool.zip
2012-06-17 17:58 - 2012-06-17 17:59 - 07242246 ____A C:\Users\Joe\Downloads\E.L. James.rar
2012-06-12 05:37 - 2012-06-12 05:37 - 00002018 ____A C:\Users\Public\Desktop\Kendo UI DataViz Q1 2012 SP1 Examples.lnk
2012-06-12 05:37 - 2012-06-12 05:37 - 00002018 ____A C:\Users\All Users\Desktop\Kendo UI DataViz Q1 2012 SP1 Examples.lnk
2012-06-12 05:36 - 2012-06-12 05:36 - 00001990 ____A C:\Users\Public\Desktop\Kendo UI Web Q1 2012 SP1 Examples.lnk
2012-06-12 05:36 - 2012-06-12 05:36 - 00001990 ____A C:\Users\All Users\Desktop\Kendo UI Web Q1 2012 SP1 Examples.lnk
2012-06-11 22:08 - 2012-07-11 02:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 21:40 - 2012-06-11 21:40 - 00001154 ____A C:\Users\Public\Desktop\RadControls for Windows Phone 7 Q2 2012 Demos.lnk
2012-06-11 21:40 - 2012-06-11 21:40 - 00001154 ____A C:\Users\All Users\Desktop\RadControls for Windows Phone 7 Q2 2012 Demos.lnk
2012-06-11 21:39 - 2012-06-11 21:39 - 00002296 ____A C:\Users\Public\Desktop\RadControls for Silverlight Q2 2012 Demos.lnk
2012-06-11 21:39 - 2012-06-11 21:39 - 00002296 ____A C:\Users\All Users\Desktop\RadControls for Silverlight Q2 2012 Demos.lnk
2012-06-11 21:37 - 2012-06-11 21:37 - 00002128 ____A C:\Users\Public\Desktop\RadControls for ASP.NET AJAX Q2 2012 Live Examples.lnk
2012-06-11 21:37 - 2012-06-11 21:37 - 00002128 ____A C:\Users\All Users\Desktop\RadControls for ASP.NET AJAX Q2 2012 Live Examples.lnk
2012-06-11 21:36 - 2012-06-11 21:36 - 00001964 ____A C:\Users\Public\Desktop\Telerik JustDecompile.lnk
2012-06-11 21:36 - 2012-06-11 21:36 - 00001964 ____A C:\Users\All Users\Desktop\Telerik JustDecompile.lnk
2012-06-11 21:30 - 2012-06-11 21:30 - 00001250 ____A C:\Users\Public\Desktop\Telerik Reporting Q2 2012 Online Examples.lnk
2012-06-11 21:30 - 2012-06-11 21:30 - 00001250 ____A C:\Users\All Users\Desktop\Telerik Reporting Q2 2012 Online Examples.lnk
2012-06-11 21:04 - 2012-06-11 21:04 - 00002312 ____A C:\Users\Public\Desktop\Demo Application.lnk
2012-06-11 21:04 - 2012-06-11 21:04 - 00002312 ____A C:\Users\All Users\Desktop\Demo Application.lnk
2012-06-11 21:03 - 2012-06-11 21:03 - 00002116 ____A C:\Users\Public\Desktop\RadControls for WPF Q2 2012 Demos.lnk
2012-06-11 21:03 - 2012-06-11 21:03 - 00002116 ____A C:\Users\All Users\Desktop\RadControls for WPF Q2 2012 Demos.lnk
2012-06-09 00:43 - 2012-07-10 21:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 21:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 21:09 - 2012-06-07 21:09 - 00002109 ____A C:\Users\Public\Desktop\StuffIt Expander 2011.lnk
2012-06-07 21:09 - 2012-06-07 21:09 - 00002109 ____A C:\Users\All Users\Desktop\StuffIt Expander 2011.lnk
2012-06-07 21:08 - 2012-06-07 21:08 - 11609696 ____A (Smith Micro Software, Inc.) C:\Users\Joe\Downloads\StuffItExpander2011x64.exe
2012-06-06 12:36 - 2012-06-06 12:36 - 47520208 ____A C:\Users\Joe\Downloads\calibre-0.8.54.msi
2012-06-06 12:04 - 2012-06-06 12:04 - 00003023 ____A C:\Users\Joe\Desktop\Mobipocket Reader.lnk
2012-06-06 12:03 - 2012-06-06 12:03 - 05606400 ____A C:\Users\Joe\Downloads\mobireadersetup.msi
2012-06-06 07:49 - 2012-06-06 07:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-06 01:06 - 2012-07-10 21:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 21:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 21:23 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 21:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 21:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 21:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 05:47 - 2012-05-30 21:01 - 00001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-04 05:47 - 2012-05-30 21:01 - 00001055 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-06-02 17:19 - 2012-06-08 20:28 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-08 20:28 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-08 20:28 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-08 20:28 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-08 20:28 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-08 20:28 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-08 20:28 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-08 20:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-08 20:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-10 21:23 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-10 21:23 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-10 21:23 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-10 21:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-10 21:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-10 21:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-10 21:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-10 21:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-10 21:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 06:12 - 2012-05-31 06:12 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Joe\Downloads\revosetup.exe
2012-05-30 21:39 - 2012-05-30 21:37 - 98312792 ____A C:\Users\Joe\Downloads\avast_internet_security_setup.exe
2012-05-30 21:09 - 2011-10-18 19:01 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-30 21:09 - 2011-10-18 19:01 - 00002491 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-05-30 20:56 - 2012-05-30 20:56 - 00191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-30 20:56 - 2012-05-30 20:56 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-30 20:55 - 2012-05-30 20:56 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-30 20:55 - 2011-08-10 11:28 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-30 20:52 - 2012-05-30 20:52 - 02824736 ____A (Secunia) C:\Users\Joe\Downloads\PSI3BetaSetup.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-22 08:23:49
Restore point made on: 2012-08-22 09:42:33
Restore point made on: 2012-08-22 09:44:15
Restore point made on: 2012-08-22 11:28:10
Restore point made on: 2012-08-23 02:00:25
Restore point made on: 2012-08-23 19:01:43
Restore point made on: 2012-08-23 21:45:05
Restore point made on: 2012-08-24 02:00:27
Restore point made on: 2012-08-25 07:15:11
Restore point made on: 2012-08-26 02:00:28
Restore point made on: 2012-08-27 02:00:27

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 12278.93 MB
Available physical RAM: 11167.19 MB
Total Pagefile: 12277.13 MB
Available Pagefile: 11179.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:1846.72 GB) (Free:1323.15 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:16.26 GB) (Free:7.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (Spare) (Fixed) (Total:931.51 GB) (Free:344.91 GB) NTFS
6 Drive h: (WD-Backup) (Fixed) (Total:930.86 GB) (Free:349.1 GB) NTFS
7 Drive i: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1863 GB 1024 KB
Disk 2 Online 956 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Disk 8 Online 930 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 G Spare NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 16 GB 39 MB
Partition 3 Primary 1846 GB 16 GB

==================================================================================

Disk: 1
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 16 GB Healthy

==================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 1846 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 956 MB 116 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 I FAT32 Removable 956 MB Healthy

==================================================================================

Partitions of Disk 8:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 930 GB 1024 KB

==================================================================================

Disk: 8
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 H WD-Backup NTFS Partition 930 GB Healthy

==================================================================================

Last Boot: 2012-08-26 23:04

==================== End Of Log =============================
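The "Bamital & volsnap Check" and "EXE ASSOCIATION" sections of the FRST log above record two integrity checks: the core logon/shell binaries and volsnap.sys are compared against known-good hashes (files that the Bamital and ZeroAccess families patch in place), and the .exe file association is compared against the stock registry values. The script below is an added example, not part of the thread and not FRST's or ComboFix's own code, that performs the same two checks on a live Windows system. It assumes Windows PowerShell 2.0 or later in an elevated prompt; it does not embed known-good MD5 values (FRST carries its own table), so the printed hash is meant to be compared against a clean machine at the same patch level.

```powershell
# Added example: reproduce the FRST "Bamital & volsnap Check" and
# "EXE ASSOCIATION" checks. Assumes PowerShell 2.0+, run elevated.
# Known-good hashes are not embedded; compare MD5 against a clean reference.

function Test-CriticalFile {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Status = 'MISSING'; Signer = ''; MD5 = '' }
    }

    # MD5 via .NET so this also works on PowerShell 2.0 (Get-FileHash needs 4.0+).
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $md5   = [System.BitConverter]::ToString(
                 [System.Security.Cryptography.MD5]::Create().ComputeHash($bytes)) -replace '-', ''

    # Authenticode status. Many OS binaries are catalog-signed rather than
    # embedded-signed and older PowerShell builds report those as NotSigned,
    # so NotSigned means "verify by hash", not "tampered". HashMismatch on an
    # embedded-signed file does mean the image was modified after signing.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    New-Object PSObject -Property @{
        Path   = $Path
        Status = $sig.Status.ToString()   # Valid / NotSigned / HashMismatch / ...
        Signer = $signer
        MD5    = $md5
    }
}

function Test-ExeAssociation {
    # Expected default values, exactly as the FRST log prints them.
    $expected = @{
        'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
        'HKLM:\SOFTWARE\Classes\exefile\DefaultIcon'        = '%1'
        'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($key in $expected.Keys) {
        $item   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.'(default)' } else { $null }
        New-Object PSObject -Property @{
            Key      = $key
            Expected = $expected[$key]
            Actual   = $actual
            Result   = if ($actual -eq $expected[$key]) { 'OK' } else { 'MISMATCH' }
        }
    }
}

# Same file list as the log's "Bamital & volsnap Check" section.
$critical = @(
    'C:\Windows\System32\winlogon.exe',
    'C:\Windows\System32\wininit.exe',
    'C:\Windows\SysWOW64\wininit.exe',
    'C:\Windows\explorer.exe',
    'C:\Windows\SysWOW64\explorer.exe',
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\SysWOW64\svchost.exe',
    'C:\Windows\System32\services.exe',
    'C:\Windows\System32\user32.dll',
    'C:\Windows\SysWOW64\user32.dll',
    'C:\Windows\System32\userinit.exe',
    'C:\Windows\SysWOW64\userinit.exe',
    'C:\Windows\System32\drivers\volsnap.sys'
)

$critical | ForEach-Object { Test-CriticalFile $_ } |
    Format-Table Status, Signer, MD5, Path -AutoSize

Test-ExeAssociation | Format-Table Result, Key, Expected, Actual -AutoSize
```

One caveat a practitioner should keep in mind: on a live, infected system a kernel-mode rootkit that filters file reads can hand a clean copy of a patched binary to any user-mode tool, including this script. That is why the log above was produced from the Recovery Environment (the x: "Boot" volume in the partition list) and why the hashes are worth re-taking from an offline boot before trusting a "legit" result.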

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:33 AM

Posted 28 August 2012 - 07:43 PM

The FRST log shows nothing unusual.

Please uninstall your copy of Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now please download and run the new version and post the log.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
m0le is a proud member of UNITE

#7 Joe Adam

Joe Adam
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 28 August 2012 - 09:47 PM

The FRST log shows nothing unusual.

Please uninstall your copy of Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now please download and run the new version and post the log.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.


ComboFix log is below. Please note, I could not run this in regular Windows (it kept locking up), so I ran it in Safe Mode with the previously mentioned items disabled.

ComboFix 12-08-28.03 - Joe 08/28/2012 22:21:30.23.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.11002 [GMT -4:00]
Running from: c:\users\Joe\Downloads\Virus Killer Stuff\Comfix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf3463d8-8828-4f50-98c8-d04ca1fe42f3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-29 00:30 . 2012-08-23 05:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68B1626E-4CDD-4148-AC6C-0B3EBB497CEC}\mpengine.dll
2012-08-28 01:46 . 2012-08-28 01:47 -------- d-----w- C:\FRST
2012-08-24 00:01 . 2012-08-24 00:01 -------- d-----w- c:\programdata\Sophos
2012-08-24 00:01 . 2012-08-24 00:01 73728 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 00:01 . 2012-08-24 00:01 73728 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 00:01 . 2012-08-24 00:01 73728 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-24 00:01 . 2012-08-24 00:01 -------- d-----w- c:\program files (x86)\Sophos
2012-08-23 23:49 . 2012-08-23 23:49 -------- d-----w- c:\program files\Speccy
2012-08-23 14:04 . 2012-08-23 14:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-08-22 17:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 15:46 . 2012-08-22 15:46 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-08-22 13:30 . 2012-08-22 13:30 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix
2012-08-22 13:28 . 2012-08-22 13:28 -------- d-----w- c:\program files (x86)\IIS Express
2012-08-22 13:27 . 2012-08-22 13:27 -------- d-----w- c:\programdata\Package Cache
2012-08-22 13:24 . 2012-08-22 13:24 -------- d-----w- c:\program files\Microsoft
2012-08-22 00:31 . 2012-08-22 00:31 -------- d-----w- c:\users\Joe\AppData\Local\GameStop
2012-08-10 19:24 . 2012-08-10 19:25 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG
2012-08-10 17:58 . 2012-08-10 17:58 -------- d-----w- c:\users\Joe\AppData\Local\AVG Secure Search
2012-08-10 17:58 . 2012-08-22 13:38 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-10 17:58 . 2012-08-10 17:58 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-10 17:58 . 2012-08-22 17:38 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-10 17:58 . 2012-08-10 17:58 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-10 17:58 . 2012-08-10 17:58 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-10 17:58 . 2012-08-29 00:29 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-10 17:58 . 2012-08-10 18:10 -------- d-----w- c:\programdata\AVG2012
2012-08-10 17:58 . 2012-08-10 17:58 -------- d-----w- C:\$AVG
2012-08-10 17:57 . 2012-08-10 19:23 -------- d-----w- c:\program files (x86)\AVG
2012-08-10 17:24 . 2012-08-29 00:29 -------- d-----w- c:\programdata\MFAData
2012-08-10 17:24 . 2012-08-10 17:24 -------- d--h--w- c:\programdata\Common Files
2012-08-10 14:13 . 2012-08-29 01:56 -------- d-----w- c:\users\UpdatusUser
2012-08-10 14:10 . 2012-06-28 23:56 2667062 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-10 14:10 . 2012-06-28 23:55 3266408 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-10 14:10 . 2012-06-28 23:55 6193000 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-10 14:10 . 2012-06-28 23:55 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-10 14:10 . 2012-06-28 23:55 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-10 14:10 . 2012-06-28 23:55 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-10 13:33 . 2012-08-10 13:33 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-08-08 22:26 . 2012-08-08 22:26 -------- d-----w- C:\SkyDriveTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 02:04 . 2011-08-15 23:35 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-28 02:04 . 2011-08-15 21:57 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-28 01:01 . 2011-08-15 21:57 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-25 03:20 . 2011-08-15 21:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-15 14:23 . 2012-04-08 13:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:23 . 2011-08-10 16:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:00 . 2011-08-15 15:19 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-08 22:32 . 2012-06-27 02:45 3233712 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-07-06 02:06 . 2012-07-18 00:22 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-08-10 16:28 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2012-06-19 17:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-07-17 13:26 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-03 16:21 . 2011-08-15 16:04 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 03:37 . 2011-08-10 17:59 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-29 03:37 . 2011-08-10 17:59 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-28 21:44 . 2012-06-28 21:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-22 14:17 . 2008-08-14 11:57 86584 ----a-w- c:\windows\SysWow64\drivers\adfs.sys
2012-06-22 14:17 . 2008-06-27 11:51 86584 ----a-w- c:\windows\system32\drivers\adfs.sys
2012-06-12 03:08 . 2012-07-11 07:04 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 02:45 . 2011-08-15 19:28 2441568 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-12 02:24 . 2012-06-12 02:24 204224 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-06-09 05:43 . 2012-07-11 02:23 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 02:23 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 02:23 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 02:23 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 02:23 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 02:23 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 02:23 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-09 01:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-09 01:28 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-09 01:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 07:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 07:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 07:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 07:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 07:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 07:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 07:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 02:23 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 02:23 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 02:23 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 02:23 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 02:23 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 02:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:23 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 02:23 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 02:23 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-10 17:58 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-10 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-18 18:45 220608 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-18 18:45 220608 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-18 18:45 220608 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-15 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256]
"SkyDrive"="c:\users\Joe\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-08-18 238528]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-08-25 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 5955000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-27 1171304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-06-22 611712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-10 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-10 1020512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CTAutoUpdate"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-06-19 623416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-15 1207312]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-5-3 562232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/10 11:38;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-15 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-08-15 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2012-04-26 34048]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-19 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-04 24600]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-11-14 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-05-22 137312]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [2012-02-24 26856]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-22 211552]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-05-22 146528]
S1 aswKbd;aswKbd; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-10 31080]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-05-22 3459024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-26 788000]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-07-18 80448]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-09-23 210792]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-29 66560]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-05-03 1302072]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-05-03 681016]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-04-27 5914912]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 7515000]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 552312]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-10 927840]
S2 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-05-22 367200]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-12-01 26856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:23]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 14:56]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 14:56]
.
2012-08-10 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-18 18:45 244672 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-18 18:45 244672 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-18 18:45 244672 ----a-w- c:\users\Joe\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2012-02-24 4550656]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 403112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: battlefield.com\battlelog
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rl4783jb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://start.roboform.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3392733936-3977664876-2080522696-1001\Software\SecuROM\License information*]
"datasecu"=hex:fa,02,5e,96,18,f4,b0,94,86,d0,48,5b,8c,6e,89,34,8f,ba,47,c9,6e,
7e,1a,37,83,79,9b,3e,65,5b,5d,ab,89,d0,f4,fe,f7,56,59,ff,26,ac,fa,96,7a,7c,\
"rkeysecu"=hex:dc,77,8d,84,25,21,41,9a,95,00,5a,71,ef,9b,d2,69
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-08-28 22:44:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-29 02:44
ComboFix2.txt 2012-08-22 14:15
.
Pre-Run: 1,431,795,077,120 bytes free
Post-Run: 1,431,906,054,144 bytes free
.
- - End Of File - - AD73C76CB042148E5C9211AA995A719D

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 August 2012 - 02:47 PM

Then let's see ComboFix running again and see if any further files appear.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
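The CFScript above was assembled by hand from the LOCKED REGISTRY KEYS section of the ComboFix log in the previous post. As an added example (my own code, not ComboFix's and not posted by anyone in this thread), the Python script below does that extraction: it reads a log in the layout shown, collects every key path in that section together with the @Denied: note ComboFix prints under a key it could not open, and renders the RegLock:: block. It assumes only the log layout seen here (a dashed section header, key paths in square brackets, "." separator lines, the next dashed header closing the section); the function names and the constructed SAMPLE_LOG, built from a few of the keys posted above, are mine. Which keys to unlock remains the analyst's decision, so the generator takes an exclusion set instead of deciding for you.

```python
"""Build a ComboFix RegLock:: CFScript from the LOCKED REGISTRY KEYS section of a log.

Added example; not ComboFix's own code. Assumes the log layout shown in this thread.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# A dashed ComboFix section header, e.g. "------ LOCKED REGISTRY KEYS ------"
SECTION_HEADER = re.compile(r"^-{3,}\s*(?P<name>.+?)\s*-{3,}$")
# A registry key line, e.g. "[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"
KEY_LINE = re.compile(r"^\[(?P<path>HKEY_[A-Z_]+\\.+)\]$")
# The ACL note printed under a key ComboFix could not open, e.g. "@Denied: (A 2) (Everyone)"
DENIED_LINE = re.compile(r"^@Denied:\s*(?P<acl>.+)$")


@dataclass
class LockedKey:
    path: str
    denied: Optional[str] = None  # text after "@Denied:", or None when no ACL note was printed


def parse_locked_keys(log_text: str) -> List[LockedKey]:
    """Return the keys listed in the LOCKED REGISTRY KEYS section, in log order."""
    keys: List[LockedKey] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            # Entering LOCKED REGISTRY KEYS starts collection; any other header ends it.
            in_section = header.group("name").upper() == "LOCKED REGISTRY KEYS"
            continue
        if not in_section:
            continue
        key = KEY_LINE.match(line)
        if key:
            keys.append(LockedKey(path=key.group("path")))
            continue
        denied = DENIED_LINE.match(line)
        if denied and keys:
            keys[-1].denied = denied.group("acl").strip()
        # "." separators and "name"=value lines carry nothing the script needs; skip them.
    return keys


def build_reglock_script(keys: Iterable[LockedKey], exclude: Iterable[str] = ()) -> str:
    """Render the CFScript text (RegLock:: directive) for every key not in `exclude`."""
    skip = set(exclude)
    lines = ["RegLock::"]
    lines.extend(f"[{k.path}]" for k in keys if k.path not in skip)
    return "\n".join(lines) + "\n"


# Constructed sample, laid out like the LOCKED REGISTRY KEYS section of a ComboFix log
# (a few of the keys from the log posted in this thread; hex values shortened).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3392733936-3977664876-2080522696-1001\Software\SecuROM\License information*]
"datasecu"=hex:fa,02,5e,96,18,f4,b0,94,86,d0,48,5b,8c,6e,89,34,8f,ba,47,c9,6e,
"rkeysecu"=hex:dc,77,8d,84,25,21,41,9a,95,00,5a,71,ef,9b,d2,69
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
"""


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for k in found:
        print(f"{k.path}  denied={k.denied}")
    # Leave the SecuROM licence key alone in this run; write the rest as CFScript.txt content.
    print(build_reglock_script(found, exclude={found[0].path}))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the printed block is what goes into CFScript.txt next to ComboFix.exe. Keys that ComboFix lists without an @Denied: note (like the SecuROM one) show up with denied=None, so the two kinds can be reviewed separately before anything is unlocked.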

#9 Joe Adam

  • Topic Starter
  • Members
  • 20 posts

Posted 29 August 2012 - 06:39 PM

OK, I followed your instructions. My computer froze about 10 minutes after the reboot and Notepad didn't open, but I did find the log in C:\Comfix3293C. I've posted it below....


ComboFix 12-08-28.03 - Joe 08/29/2012 16:02:10.24.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9325 [GMT -4:00]
Running from: C:\Users\Joe\Downloads\Virus Killer Stuff\Comfix.exe
Command switches used :: C:\Users\Joe\Downloads\Virus Killer Stuff\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\cf3463d8-8828-4f50-98c8-d04ca1fe42f3.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll


((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))


2012-08-29 20:57:18 . 2012-08-29 20:57:18 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-08-29 20:57:18 . 2012-08-29 20:57:18 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\temp
2012-08-29 20:57:18 . 2012-08-29 20:57:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-29 20:57:18 . 2012-08-29 20:57:18 -------- d-----w- C:\Users\Classic .NET AppPool\AppData\Local\temp
2012-08-29 11:50:17 . 2012-08-29 11:50:17 314016 ----a-w- C:\Windows\system32\drivers\atksgt.sys
2012-08-29 11:50:16 . 2012-08-29 11:50:16 43680 ----a-w- C:\Windows\system32\drivers\lirsgt.sys
2012-08-29 07:28:46 . 2012-08-29 07:28:46 -------- d-----w- C:\found.001
2012-08-29 02:20:51 . 2012-08-29 03:03:10 -------- d-----w- C:\Comfix
2012-08-29 00:30:40 . 2012-08-23 05:26:42 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68B1626E-4CDD-4148-AC6C-0B3EBB497CEC}\mpengine.dll
2012-08-28 01:46:48 . 2012-08-28 01:47:00 -------- d-----w- C:\FRST
2012-08-24 00:01:54 . 2012-08-24 00:01:54 -------- d-----w- C:\ProgramData\Sophos
2012-08-24 00:01:51 . 2012-08-24 00:01:51 73728 ----a-r- C:\Users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 00:01:50 . 2012-08-24 00:01:51 73728 ----a-r- C:\Users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-24 00:01:50 . 2012-08-24 00:01:50 73728 ----a-r- C:\Users\Joe\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-24 00:01:48 . 2012-08-24 00:01:48 -------- d-----w- C:\Program Files (x86)\Sophos
2012-08-23 23:49:43 . 2012-08-23 23:49:45 -------- d-----w- C:\Program Files\Speccy
2012-08-23 14:04:04 . 2012-08-23 14:04:04 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-08-22 17:40:21 . 2012-06-29 10:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 15:46:19 . 2012-08-22 15:46:19 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-08-22 13:30:25 . 2012-08-22 13:30:27 -------- d-----w- C:\Program Files (x86)\Microsoft WebMatrix
2012-08-22 13:28:37 . 2012-08-22 13:28:39 -------- d-----w- C:\Program Files (x86)\IIS Express
2012-08-22 13:27:49 . 2012-08-22 13:27:50 -------- d-----w- C:\ProgramData\Package Cache
2012-08-22 13:24:00 . 2012-08-22 13:24:00 -------- d-----w- C:\Program Files\Microsoft
2012-08-22 00:31:55 . 2012-08-22 00:31:55 -------- d-----w- C:\Users\Joe\AppData\Local\GameStop
2012-08-10 19:24:39 . 2012-08-10 19:25:17 -------- d-----w- C:\Users\Joe\AppData\Roaming\AVG
2012-08-10 17:58:37 . 2012-08-10 17:58:37 -------- d-----w- C:\Users\Joe\AppData\Local\AVG Secure Search
2012-08-10 17:58:31 . 2012-08-22 13:38:29 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-10 17:58:27 . 2012-08-10 17:58:27 31080 ----a-w- C:\Windows\system32\drivers\avgtpx64.sys
2012-08-10 17:58:25 . 2012-08-22 17:38:53 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-10 17:58:25 . 2012-08-10 17:58:29 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-10 17:58:15 . 2012-08-10 17:58:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-10 17:58:08 . 2012-08-29 16:28:44 -------- d-----w- C:\Windows\system32\drivers\AVG
2012-08-10 17:58:08 . 2012-08-10 18:10:00 -------- d-----w- C:\ProgramData\AVG2012
2012-08-10 17:58:08 . 2012-08-10 17:58:08 -------- d-----w- C:\$AVG
2012-08-10 17:57:58 . 2012-08-10 19:23:33 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-10 17:24:17 . 2012-08-29 16:28:44 -------- d-----w- C:\ProgramData\MFAData
2012-08-10 17:24:17 . 2012-08-10 17:24:17 -------- d--h--w- C:\ProgramData\Common Files
2012-08-10 14:13:06 . 2012-08-29 01:56:06 -------- d-----w- C:\Users\UpdatusUser
2012-08-10 14:10:16 . 2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\system32\nvcoproc.bin
2012-08-10 14:10:16 . 2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\system32\nvsvc64.dll
2012-08-10 14:10:16 . 2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\system32\nvcpl.dll
2012-08-10 14:10:16 . 2012-06-28 23:55:40 118120 ----a-w- C:\Windows\system32\nvmctray.dll
2012-08-10 14:10:16 . 2012-06-28 23:55:39 891240 ----a-w- C:\Windows\system32\nvvsvc.exe
2012-08-10 14:10:16 . 2012-06-28 23:55:39 63336 ----a-w- C:\Windows\system32\nvshext.dll
2012-08-10 13:33:28 . 2012-08-10 13:33:28 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-08-08 22:26:43 . 2012-08-08 22:26:43 -------- d-----w- C:\SkyDriveTemp
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 August 2012 - 07:44 PM

Please run MBAM and then scan with ESET

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#11 Joe Adam

  • Topic Starter
  • Members
  • 20 posts

Posted 29 August 2012 - 11:19 PM

I've tried to run MBAM at least 6 times. My computer locks up every time at various points in the scan. The longest scan ran for 45 minutes before it locked up.

How should I proceed?

Joe

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 August 2012 - 05:51 PM

Can you try running ESET

#13 Joe Adam

  • Topic Starter
  • Members
  • 20 posts

Posted 30 August 2012 - 10:19 PM

OK, the 7th time was the charm. MBAM ran; here's the log:


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JUPITER [administrator]

Protection: Disabled

8/30/2012 7:15:58 AM
mbam-log-2012-08-30 (07-15-58).txt

Scan type: Full scan (C:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 935551
Time elapsed: 3 hour(s), 16 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the log from ESET:


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

#14 Joe Adam

  • Topic Starter
  • Members
  • 20 posts

Posted 31 August 2012 - 08:05 AM

m0le, I am still having lockups. It seems to happen shortly after using any browser more than anything else. I can play a game for hours with no lockups, but once I start browsing it gets worse. Also, on restart my computer sometimes doesn't allow me to type my password in.

I am out of town for the holiday weekend starting late this afternoon and will return late Monday night, so if I don't respond, it's only because I am out of town. I really appreciate all the help.

Thanks,
Joe

#15 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 August 2012 - 10:49 PM

Thanks for letting me know, Joe.

The HStart files in the Dell folders are not by Dell; they are malware, and this could be what's reproducing the annoying files. The way to find out is to run ComboFix again. Please do that when you return from your weekend. Have a good one.