
Infected Work computer with Trojan Virus Generic 33. Need help with removal


10 replies to this topic

#1 hcline

Posted 04 June 2013 - 10:45 AM

Hello,

I am working on a PC with Windows XP Service Pack 3. My computer here at work got infected with a Trojan virus called Generic 33. It has disabled my printer software and scanning software several times. I have had to reinstall the software twice so far and I may have to do it again.

I need to get this computer cleaned up so that I can go about my daily tasks at work here. I am the Graphic Designer and I cannot afford to have this computer go down on me. My work won't pay for any expensive removal software, and the free AVG anti-virus software continually says it's healed/quarantined/gotten rid of the virus, but it has not.

Can you please help me get this computer clean?

Thank you.

-----------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by derek at 11:14:40 on 2013-06-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.934 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\derek\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\derek\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Program Files\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110808&tt=3412_4&babsrc=HP_ss&mntrId=50c3f35e000000000000001d09951e33
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
StartupFolder: c:\docume~1\derek\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\derek\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351808850750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 205.171.3.65 75.75.76.76
TCP: Interfaces\{5D8B8E1A-53B8-4DC1-B349-0AEF6C8E8CA1} : DHCPNameServer = 75.75.75.75 205.171.3.65 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\derek\application data\mozilla\firefox\profiles\ump2rjbd.default\
FF - plugin: c:\documents and settings\derek\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\derek\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\derek\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\derek\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-6-3 266240]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-04 15:32:00    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2013-06-04 14:59:22    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-04 14:59:21    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-03 17:30:04    --------    d-----w-    c:\documents and settings\derek\application data\ControlCenter4
2013-06-03 17:22:47    --------    d-----w-    c:\program files\Enigma Software Group
2013-06-03 17:21:56    --------    d-----w-    c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-03 17:21:53    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2013-06-03 17:20:12    --------    d-----w-    C:\Brother
2013-06-03 17:20:06    --------    d-----w-    c:\program files\Browny02
2013-06-03 17:20:05    --------    d-----w-    c:\documents and settings\all users\application data\ControlCenter4
2013-06-03 17:19:54    --------    d-----w-    c:\program files\ControlCenter4
2013-06-03 17:19:46    225280    ------w-    c:\windows\system32\BrfxD05c.dll
2013-06-03 17:19:23    73728    ------w-    c:\windows\system32\BrDctF2.dll
2013-06-03 17:19:23    5120    ------w-    c:\windows\system32\BrDctF2S.dll
2013-06-03 17:19:23    5120    ------w-    c:\windows\system32\BrDctF2L.dll
2013-06-03 17:19:19    180224    ----a-w-    c:\windows\system32\BROSNMP.DLL
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-24 21:23:23    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-24 19:53:51    --------    d-----w-    c:\documents and settings\derek\application data\Zeon
2013-05-24 19:37:31    --------    d-----w-    c:\documents and settings\derek\application data\AVG
2013-05-24 19:36:57    --------    d-----w-    c:\documents and settings\all users\application data\AVG
2013-05-24 19:36:46    --------    d-sh--w-    c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-24 17:00:58    --------    d-----w-    c:\documents and settings\derek\application data\OrphansRemover
2013-05-15 13:34:35    --------    d-----w-    c:\program files\Dropbox
.
==================== Find3M  ====================
.
2013-05-15 17:31:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 17:31:17    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 08:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-24 20:39:12    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 20:39:12    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-04-24 20:39:12    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-24 20:39:12    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-04-16 22:17:15    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17:14    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-03-29 07:53:48    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-23 01:09:28    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 08:08:24    182072    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 11:15:42.90 ===============
 

Edited by hcline, 04 June 2013 - 11:21 AM.



#2 Farbar

Posted 04 June 2013 - 11:32 AM

Hi hcline,

Welcome to the forum. I will assist you with the issue.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 hcline (Topic Starter)

Posted 04 June 2013 - 11:35 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02
Ran by derek (administrator) on 04-06-2013 11:34:34
Running from C:\Documents and Settings\derek\Desktop\malware removal programs
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Documents and Settings\derek\Application Data\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
(Adobe Systems Incorporated ) C:\Program Files\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [HPUsageTracking] "c:\Program Files\HP\HP UT\bin\hppusg.exe" "c:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: E - E:\LaunchU3.exe -a
HKU\Dispatch\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2013-05-01] (Apple Inc.)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2013-05-01] (Apple Inc.)
HKU\Guest\...\Run: [Google Update] "C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [ 2013-02-07] (Google Inc.)
Startup: C:\Documents and Settings\derek\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\derek\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110808&tt=3412_4&babsrc=HP_ss&mntrId=50c3f35e000000000000001d09951e33
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_4&babsrc=SP_ss&mntrId=50c3f35e000000000000001d09951e33
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 205.171.3.65 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\derek\Application Data\Mozilla\Firefox\Profiles\ump2rjbd.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - C:\Documents and Settings\derek\Application Data\Mozilla\Firefox\Profiles\ump2rjbd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\derek\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\derek\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Quickrr Google Maps Search) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd\1.1_0
CHR Extension: (AdBlock) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [6406656 2011-01-26] (ATI Technologies Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [15616 2013-06-04] ()
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S0 cerc6; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\derek\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-04 11:34 - 2013-06-04 11:34 - 00000000 ____D C:\FRST
2013-06-04 11:16 - 2013-06-04 11:16 - 00015015 ____A C:\Documents and Settings\derek\My Documents\dds.txt
2013-06-04 11:16 - 2013-06-04 11:16 - 00008097 ____A C:\Documents and Settings\derek\My Documents\attach.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00015015 ____A C:\Documents and Settings\derek\Desktop\dds.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00008097 ____A C:\Documents and Settings\derek\Desktop\attach.txt
2013-06-04 11:13 - 2013-06-04 11:13 - 00688992 ____R (Swearware) C:\Documents and Settings\derek\Desktop\dds.com
2013-06-04 10:33 - 2013-06-04 10:33 - 00001525 ____A C:\Documents and Settings\derek\Desktop\RKreport[1]_S_06042013_02d1033.txt
2013-06-04 10:32 - 2013-06-04 10:33 - 05077441 ____A (Swearware) C:\Documents and Settings\derek\Desktop\ComboFix.exe
2013-06-04 10:32 - 2013-06-04 10:32 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-04 10:31 - 2013-06-04 10:33 - 00000000 ____D C:\Documents and Settings\derek\Desktop\RK_Quarantine
2013-06-04 10:15 - 2013-06-04 10:15 - 00816128 ____A C:\Documents and Settings\derek\Desktop\RogueKiller.exe
2013-06-04 09:59 - 2013-06-04 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 09:59 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-04 09:46 - 2013-06-04 10:54 - 00005493 ____A C:\Windows\setupapi.log
2013-06-03 12:30 - 2013-06-04 09:38 - 00000000 ____D C:\Documents and Settings\derek\Application Data\ControlCenter4
2013-06-03 12:22 - 2013-06-03 12:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-03 12:21 - 2013-06-03 12:27 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-03 12:21 - 2013-06-03 12:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Program Files\Browny02
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ControlCenter4
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Brother
2013-06-03 12:19 - 2013-06-04 09:31 - 00000000 ____D C:\Program Files\ControlCenter4
2013-06-03 12:19 - 2013-06-03 12:20 - 00000086 ____A C:\Windows\Brfaxrx.ini
2013-06-03 12:19 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2S.dll
2013-06-03 12:19 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2.dll
2013-06-03 12:19 - 2010-02-04 21:42 - 00180224 ____A (Brother Industries, Ltd.) C:\Windows\System32\BROSNMP.DLL
2013-06-03 12:19 - 2009-12-08 16:17 - 00225280 ____N (Brother Industries, Ltd.) C:\Windows\System32\BrfxD05c.dll
2013-06-03 12:19 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2L.dll
2013-06-03 12:19 - 2003-11-28 18:57 - 00000000 ____A C:\Windows\brdfxspd.dat
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Desktop\install
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Application Data\InstallShield
2013-05-24 14:53 - 2013-05-24 14:53 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Zeon
2013-05-24 14:37 - 2013-05-24 16:43 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-05-24 14:37 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\derek\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-24 12:00 - 2013-05-24 12:00 - 00000000 ____D C:\Documents and Settings\derek\Application Data\OrphansRemover
2013-05-20 13:29 - 2013-05-22 12:45 - 00000000 ____D C:\Documents and Settings\derek\Desktop\fake deals
2013-05-17 09:35 - 2013-05-20 08:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-15 08:37 - 2013-05-24 15:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 08:34 - 2013-05-15 08:34 - 00000000 ____D C:\Program Files\Dropbox

==================== One Month Modified Files and Folders ========

2013-06-04 11:34 - 2013-06-04 11:34 - 00000000 ____D C:\FRST
2013-06-04 11:31 - 2012-08-28 16:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-04 11:27 - 2010-11-10 18:37 - 00000978 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2077806209-682003330-1003UA.job
2013-06-04 11:16 - 2013-06-04 11:16 - 00015015 ____A C:\Documents and Settings\derek\My Documents\dds.txt
2013-06-04 11:16 - 2013-06-04 11:16 - 00008097 ____A C:\Documents and Settings\derek\My Documents\attach.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00015015 ____A C:\Documents and Settings\derek\Desktop\dds.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00008097 ____A C:\Documents and Settings\derek\Desktop\attach.txt
2013-06-04 11:13 - 2013-06-04 11:13 - 00688992 ____R (Swearware) C:\Documents and Settings\derek\Desktop\dds.com
2013-06-04 11:05 - 2010-11-10 12:01 - 00000254 ____A C:\Windows\wiadebug.log
2013-06-04 11:00 - 2012-08-22 09:39 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-04 10:55 - 2012-08-20 09:36 - 00000000 ___RD C:\Documents and Settings\derek\My Documents\Dropbox
2013-06-04 10:55 - 2012-08-20 09:34 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Dropbox
2013-06-04 10:55 - 2010-11-10 18:42 - 00065536 ____A C:\Windows\System32\config\ACEEvent.evt
2013-06-04 10:54 - 2013-06-04 09:46 - 00005493 ____A C:\Windows\setupapi.log
2013-06-04 10:53 - 2010-11-10 18:13 - 01602560 ____A C:\Windows\WindowsUpdate.log
2013-06-04 10:53 - 2008-04-14 02:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-04 10:52 - 2012-08-22 09:39 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-04 10:52 - 2010-11-10 18:33 - 00000062 __ASH C:\Documents and Settings\derek\Local Settings\desktop.ini
2013-06-04 10:52 - 2010-11-10 18:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-04 10:52 - 2010-11-10 18:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 10:52 - 2010-11-10 18:16 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-04 10:52 - 2010-11-10 12:01 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-04 10:33 - 2013-06-04 10:33 - 00001525 ____A C:\Documents and Settings\derek\Desktop\RKreport[1]_S_06042013_02d1033.txt
2013-06-04 10:33 - 2013-06-04 10:32 - 05077441 ____A (Swearware) C:\Documents and Settings\derek\Desktop\ComboFix.exe
2013-06-04 10:33 - 2013-06-04 10:31 - 00000000 ____D C:\Documents and Settings\derek\Desktop\RK_Quarantine
2013-06-04 10:32 - 2013-06-04 10:32 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-04 10:15 - 2013-06-04 10:15 - 00816128 ____A C:\Documents and Settings\derek\Desktop\RogueKiller.exe
2013-06-04 10:03 - 2012-08-21 18:45 - 00001456 ____A C:\Documents and Settings\derek\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2013-06-04 09:59 - 2013-06-04 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 09:38 - 2013-06-03 12:30 - 00000000 ____D C:\Documents and Settings\derek\Application Data\ControlCenter4
2013-06-04 09:34 - 2010-11-10 18:33 - 00000178 ___SH C:\Documents and Settings\derek\ntuser.ini
2013-06-04 09:34 - 2010-11-10 18:32 - 00032578 ____N C:\Windows\SchedLgU.Txt
2013-06-04 09:32 - 2012-08-20 09:32 - 00000234 ___AC C:\Windows\Brpfx04a.ini
2013-06-04 09:32 - 2012-08-20 09:32 - 00000065 ___AC C:\Windows\brpcfx.ini
2013-06-04 09:31 - 2013-06-03 12:19 - 00000000 ____D C:\Program Files\ControlCenter4
2013-06-04 08:31 - 2010-11-10 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-04 08:27 - 2010-11-10 18:37 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2077806209-682003330-1003Core.job
2013-06-03 13:12 - 2012-10-23 12:33 - 00271184 __AHC C:\Windows\System32\mlfcache.dat
2013-06-03 12:27 - 2013-06-03 12:21 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-03 12:22 - 2013-06-03 12:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-03 12:21 - 2013-06-03 12:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Program Files\Browny02
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ControlCenter4
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Brother
2013-06-03 12:20 - 2013-06-03 12:19 - 00000086 ____A C:\Windows\Brfaxrx.ini
2013-06-03 12:19 - 2012-08-20 09:31 - 00000000 ____D C:\Program Files\Brother
2013-06-03 12:19 - 2010-11-11 16:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Desktop\install
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Application Data\InstallShield
2013-06-03 11:50 - 2010-11-29 16:20 - 00000000 ____D C:\Documents and Settings\derek\Local Settings\Application Data\Adobe
2013-06-03 11:50 - 2010-11-10 18:42 - 00394976 ___AC C:\Documents and Settings\derek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-03 11:48 - 2010-11-10 11:58 - 05311888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-03 11:45 - 2012-08-20 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
2013-06-03 11:42 - 2012-08-20 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nuance
2013-05-31 15:40 - 2012-09-26 15:12 - 00000000 ____D C:\Documents and Settings\derek\Desktop\deal images
2013-05-31 15:39 - 2012-10-11 14:42 - 00000000 ____D C:\Documents and Settings\derek\Desktop\Crowd Cut files
2013-05-31 11:41 - 2012-08-20 11:48 - 00000000 ____D C:\Documents and Settings\derek\Application Data\FileZilla
2013-05-31 11:40 - 2012-08-20 11:48 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-05-30 15:36 - 2012-10-19 08:50 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff from kian
2013-05-24 16:43 - 2013-05-24 14:37 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-05-24 16:23 - 2012-08-28 16:59 - 00000000 ____D C:\Program Files\QuickTime
2013-05-24 15:14 - 2010-11-10 18:47 - 00000000 ____D C:\Program Files\AVG
2013-05-24 15:09 - 2013-05-15 08:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-24 15:09 - 2013-04-10 08:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-24 15:09 - 2013-04-10 08:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-05-24 15:09 - 2013-03-20 16:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-24 15:09 - 2013-02-13 09:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-05-24 15:09 - 2012-12-12 09:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2013-05-24 15:09 - 2012-11-16 09:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2013-05-24 15:09 - 2012-11-16 09:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-05-24 15:09 - 2012-10-10 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-05-24 15:09 - 2012-08-29 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB941569$
2013-05-24 15:09 - 2012-08-29 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB939683$
2013-05-24 15:09 - 2012-08-29 08:37 - 00000000 __HDC C:\Windows\$NtUninstallKB954154_WM11$
2013-05-24 15:09 - 2012-08-17 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2731847$
2013-05-24 15:09 - 2012-07-12 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2718523$
2013-05-24 15:09 - 2012-06-13 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$
2013-05-24 15:09 - 2012-05-12 03:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2013-05-24 15:09 - 2012-05-12 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2013-05-24 15:09 - 2012-03-14 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2641653$
2013-05-24 15:09 - 2012-02-16 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2660465$
2013-05-24 15:09 - 2012-02-16 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2661637$
2013-05-24 15:09 - 2012-01-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2646524$
2013-05-24 15:09 - 2011-12-15 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2639417$
2013-05-24 15:09 - 2011-10-14 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2567053$
2013-05-24 15:09 - 2011-08-11 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2567680$
2013-05-24 15:09 - 2011-07-13 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2555917$
2013-05-24 15:09 - 2011-04-13 22:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2506223$
2013-05-24 15:09 - 2011-04-13 22:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2412687$
2013-05-24 15:09 - 2011-04-13 22:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2508429$
2013-05-24 15:09 - 2011-03-24 15:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$
2013-05-24 15:09 - 2011-02-08 21:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2479628$
2013-05-24 15:09 - 2010-12-15 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2013-05-24 15:09 - 2010-12-15 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2436673$
2013-05-24 15:09 - 2010-12-15 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2423089$
2013-05-24 15:09 - 2010-11-11 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB971737$
2013-05-24 15:09 - 2010-11-11 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB958869$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2378111_WM9$
2013-05-24 15:09 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2013-05-24 15:09 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2121546$
2013-05-24 15:09 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB967715$
2013-05-24 15:09 - 2010-11-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2013-05-24 15:09 - 2010-11-10 18:40 - 00000000 __HDC C:\Windows\$NtUninstallKB898461$
2013-05-24 15:08 - 2012-08-28 14:16 - 00000000 __HDC C:\Windows\$NtUninstallMSCompPackV1$
2013-05-24 15:08 - 2012-08-28 14:15 - 00000000 __HDC C:\Windows\$NtUninstallWudf01000$
2013-05-24 15:08 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB982214$
2013-05-24 15:08 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB982132$
2013-05-24 15:08 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB981349$
2013-05-24 15:08 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB981957$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB981322$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB978601$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB973540_WM9$
2013-05-24 15:02 - 2012-09-27 09:35 - 00000000 ____D C:\Documents and Settings\derek\Application Data\TuneUp Software
2013-05-24 14:56 - 2012-08-22 10:06 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Apple Computer
2013-05-24 14:53 - 2013-05-24 14:53 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Zeon
2013-05-24 14:53 - 2012-08-20 09:27 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Nuance
2013-05-24 14:37 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\derek\Application Data\AVG
2013-05-24 14:37 - 2013-05-24 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-24 12:00 - 2013-05-24 12:00 - 00000000 ____D C:\Documents and Settings\derek\Application Data\OrphansRemover
2013-05-23 09:57 - 2010-11-11 12:20 - 00000000 ____D C:\Documents and Settings\derek\My Documents\Google Talk Received Files
2013-05-22 16:45 - 2013-02-05 18:08 - 00068096 _ASHC C:\Documents and Settings\derek\Desktop\Thumbs.db
2013-05-22 12:45 - 2013-05-20 13:29 - 00000000 ____D C:\Documents and Settings\derek\Desktop\fake deals
2013-05-21 13:52 - 2013-03-26 10:38 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff
2013-05-21 09:45 - 2012-08-30 11:38 - 00000000 ____D C:\Windows\System32\cache
2013-05-21 08:44 - 2012-08-20 15:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-20 08:44 - 2012-08-20 08:55 - 00000000 ____D C:\Program Files\Adobe
2013-05-20 08:42 - 2013-05-17 09:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 11:56 - 2012-10-30 09:55 - 00000000 ____D C:\Documents and Settings\derek\Desktop\vector art
2013-05-15 14:52 - 2010-11-10 18:39 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 12:31 - 2012-08-20 15:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 12:31 - 2012-08-20 15:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-15 08:44 - 2011-03-27 11:21 - 00000000 ____D C:\Windows\ie8updates
2013-05-15 08:44 - 2010-11-10 11:59 - 00539556 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-05-15 08:39 - 2010-11-10 18:40 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-15 08:37 - 2010-11-11 09:51 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 08:34 - 2013-05-15 08:34 - 00000000 ____D C:\Program Files\Dropbox
2013-05-14 15:23 - 2012-10-08 17:30 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff from kyle
2013-05-13 09:28 - 2012-08-16 15:22 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Mozilla
2013-05-10 15:11 - 2012-08-27 15:19 - 00000132 ___AC C:\Documents and Settings\derek\Application Data\Adobe GIF Format CS6 Prefs
2013-05-08 08:55 - 2012-08-22 09:18 - 00000132 ___AC C:\Documents and Settings\derek\Application Data\Adobe PNG Format CS6 Prefs
2013-05-06 23:27 - 2008-04-14 02:00 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 23:27 - 2008-04-14 02:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

#4 Farbar

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 June 2013 - 12:37 PM

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

#5 hcline

  • Topic Starter
  • Members
  • 5 posts

Posted 04 June 2013 - 12:50 PM

12:43:53.0046 1668  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:43:53.0609 1668  ============================================================
12:43:53.0609 1668  Current date / time: 2013/06/04 12:43:53.0609
12:43:53.0609 1668  SystemInfo:
12:43:53.0609 1668  
12:43:53.0609 1668  OS Version: 5.1.2600 ServicePack: 3.0
12:43:53.0609 1668  Product type: Workstation
12:43:53.0609 1668  ComputerName: KASA-438F1F7C83
12:43:53.0609 1668  UserName: derek
12:43:53.0609 1668  Windows directory: C:\WINDOWS
12:43:53.0609 1668  System windows directory: C:\WINDOWS
12:43:53.0609 1668  Processor architecture: Intel x86
12:43:53.0609 1668  Number of processors: 2
12:43:53.0609 1668  Page size: 0x1000
12:43:53.0609 1668  Boot type: Normal boot
12:43:53.0609 1668  ============================================================
12:43:54.0937 1668  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:43:54.0968 1668  Drive \Device\Harddisk1\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:54.0984 1668  ============================================================
12:43:54.0984 1668  \Device\Harddisk0\DR0:
12:43:54.0984 1668  MBR partitions:
12:43:54.0984 1668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
12:43:54.0984 1668  \Device\Harddisk1\DR2:
12:43:54.0984 1668  MBR partitions:
12:43:54.0984 1668  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:43:54.0984 1668  ============================================================
12:43:55.0046 1668  C: <-> \Device\Harddisk0\DR0\Partition1
12:43:55.0062 1668  E: <-> \Device\Harddisk1\DR2\Partition1
12:43:55.0062 1668  ============================================================
12:43:55.0062 1668  Initialize success
12:43:55.0062 1668  ============================================================
12:48:03.0437 3760  ============================================================
12:48:03.0437 3760  Scan started
12:48:03.0437 3760  Mode: Manual;
12:48:03.0437 3760  ============================================================
12:48:05.0796 3760  ================ Scan system memory ========================
12:48:05.0796 3760  System memory - ok
12:48:05.0796 3760  ================ Scan services =============================
12:48:07.0312 3760  Abiosdsk - ok
12:48:07.0312 3760  abp480n5 - ok
12:48:07.0406 3760  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:48:07.0453 3760  ACPI - ok
12:48:07.0500 3760  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
12:48:07.0515 3760  ACPIEC - ok
12:48:07.0640 3760  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:48:07.0703 3760  AdobeFlashPlayerUpdateSvc - ok
12:48:07.0703 3760  adpu160m - ok
12:48:07.0765 3760  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
12:48:07.0796 3760  aec - ok
12:48:07.0843 3760  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
12:48:07.0859 3760  AFD - ok
12:48:07.0859 3760  Aha154x - ok
12:48:07.0859 3760  aic78u2 - ok
12:48:07.0859 3760  aic78xx - ok
12:48:07.0906 3760  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
12:48:07.0906 3760  Alerter - ok
12:48:07.0937 3760  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
12:48:07.0937 3760  ALG - ok
12:48:07.0953 3760  AliIde - ok
12:48:07.0953 3760  amsint - ok
12:48:08.0125 3760  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:48:08.0218 3760  Apple Mobile Device - ok
12:48:08.0359 3760  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
12:48:08.0375 3760  AppMgmt - ok
12:48:08.0375 3760  asc - ok
12:48:08.0390 3760  asc3350p - ok
12:48:08.0390 3760  asc3550 - ok
12:48:08.0656 3760  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:48:08.0781 3760  aspnet_state - ok
12:48:08.0812 3760  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:48:08.0828 3760  AsyncMac - ok
12:48:08.0875 3760  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
12:48:08.0875 3760  atapi - ok
12:48:08.0875 3760  Atdisk - ok
12:48:09.0031 3760  [ 281D26DF656E53DAB568214EE282EC46 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:48:09.0093 3760  Ati HotKey Poller - ok
12:48:10.0562 3760  [ C2B6F2161ABD498D2B453050FFC81812 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:48:13.0312 3760  ati2mtag - ok
12:48:13.0359 3760  [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
12:48:13.0375 3760  AtiHdmiService - ok
12:48:13.0437 3760  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:48:13.0453 3760  Atmarpc - ok
12:48:13.0484 3760  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
12:48:13.0484 3760  AudioSrv - ok
12:48:13.0531 3760  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
12:48:13.0546 3760  audstub - ok
12:48:14.0796 3760  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
12:48:16.0375 3760  AVGIDSAgent - ok
12:48:16.0421 3760  [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
12:48:16.0468 3760  AVGIDSDriver - ok
12:48:16.0484 3760  [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
12:48:16.0515 3760  AVGIDSHX - ok
12:48:16.0562 3760  [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
12:48:16.0578 3760  AVGIDSShim - ok
12:48:16.0625 3760  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:48:16.0640 3760  Avgldx86 - ok
12:48:16.0718 3760  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
12:48:16.0781 3760  Avglogx - ok
12:48:16.0843 3760  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:48:16.0875 3760  Avgmfx86 - ok
12:48:16.0890 3760  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:48:16.0906 3760  Avgrkx86 - ok
12:48:16.0937 3760  [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:48:16.0984 3760  Avgtdix - ok
12:48:17.0046 3760  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
12:48:17.0093 3760  avgwd - ok
12:48:17.0156 3760  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:48:17.0171 3760  Beep - ok
12:48:17.0281 3760  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:48:17.0437 3760  BITS - ok
12:48:17.0609 3760  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:48:17.0656 3760  Bonjour Service - ok
12:48:17.0687 3760  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
12:48:17.0703 3760  Browser - ok
12:48:17.0921 3760  [ DB109DA005B6FE2A350C5DD7CA768DFD ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
12:48:17.0968 3760  BrYNSvc - ok
12:48:18.0000 3760  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:48:18.0015 3760  cbidf2k - ok
12:48:18.0015 3760  cd20xrnt - ok
12:48:18.0031 3760  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
12:48:18.0046 3760  Cdaudio - ok
12:48:18.0093 3760  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:48:18.0125 3760  Cdfs - ok
12:48:18.0171 3760  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:48:18.0187 3760  Cdrom - ok
12:48:18.0187 3760  cerc6 - ok
12:48:18.0187 3760  Changer - ok
12:48:18.0218 3760  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
12:48:18.0234 3760  CiSvc - ok
12:48:18.0265 3760  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
12:48:18.0265 3760  ClipSrv - ok
12:48:18.0328 3760  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:48:18.0531 3760  clr_optimization_v2.0.50727_32 - ok
12:48:18.0750 3760  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:48:18.0828 3760  clr_optimization_v4.0.30319_32 - ok
12:48:18.0828 3760  CmdIde - ok
12:48:18.0843 3760  COMSysApp - ok
12:48:18.0843 3760  Cpqarray - ok
12:48:18.0859 3760  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:48:18.0875 3760  CryptSvc - ok
12:48:18.0875 3760  dac2w2k - ok
12:48:18.0875 3760  dac960nt - ok
12:48:19.0000 3760  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:48:19.0046 3760  DcomLaunch - ok
12:48:19.0078 3760  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:48:19.0093 3760  Dhcp - ok
12:48:19.0109 3760  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:48:19.0125 3760  Disk - ok
12:48:19.0125 3760  dmadmin - ok
12:48:19.0312 3760  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:48:19.0484 3760  dmboot - ok
12:48:19.0546 3760  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:48:19.0578 3760  dmio - ok
12:48:19.0593 3760  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:48:19.0609 3760  dmload - ok
12:48:19.0625 3760  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:48:19.0656 3760  dmserver - ok
12:48:19.0687 3760  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:48:19.0703 3760  DMusic - ok
12:48:19.0750 3760  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:48:19.0765 3760  Dnscache - ok
12:48:19.0812 3760  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
12:48:19.0843 3760  Dot3svc - ok
12:48:19.0843 3760  dpti2o - ok
12:48:19.0875 3760  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
12:48:19.0890 3760  drmkaud - ok
12:48:19.0984 3760  [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:48:20.0015 3760  e1express - ok
12:48:20.0046 3760  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
12:48:20.0062 3760  EapHost - ok
12:48:20.0109 3760  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
12:48:20.0125 3760  ERSvc - ok
12:48:20.0156 3760  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
12:48:20.0187 3760  Eventlog - ok
12:48:20.0250 3760  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
12:48:20.0312 3760  EventSystem - ok
12:48:20.0390 3760  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:48:20.0421 3760  Fastfat - ok
12:48:20.0468 3760  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:48:20.0500 3760  FastUserSwitchingCompatibility - ok
12:48:20.0546 3760  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
12:48:20.0562 3760  Fdc - ok
12:48:20.0578 3760  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:48:20.0593 3760  Fips - ok
12:48:20.0625 3760  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
12:48:20.0640 3760  Flpydisk - ok
12:48:20.0687 3760  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:48:20.0687 3760  FltMgr - ok
12:48:20.0750 3760  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:48:20.0828 3760  FontCache3.0.0.0 - ok
12:48:20.0859 3760  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:48:20.0859 3760  Fs_Rec - ok
12:48:20.0890 3760  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:48:20.0921 3760  Ftdisk - ok
12:48:20.0937 3760  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:48:20.0953 3760  GEARAspiWDM - ok
12:48:20.0968 3760  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:48:20.0984 3760  Gpc - ok
12:48:21.0078 3760  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:48:21.0093 3760  gupdate - ok
12:48:21.0093 3760  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:48:21.0093 3760  gupdatem - ok
12:48:21.0156 3760  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:48:21.0187 3760  HDAudBus - ok
12:48:21.0234 3760  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:48:21.0250 3760  helpsvc - ok
12:48:21.0250 3760  HidServ - ok
12:48:21.0296 3760  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:48:21.0312 3760  hidusb - ok
12:48:21.0343 3760  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:48:21.0359 3760  hkmsvc - ok
12:48:21.0359 3760  hpn - ok
12:48:21.0562 3760  [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08        c:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:48:21.0593 3760  hpqcxs08 - ok
12:48:21.0640 3760  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        c:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:48:21.0687 3760  hpqddsvc - ok
12:48:22.0093 3760  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:48:22.0140 3760  HTTP - ok
12:48:22.0187 3760  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:48:22.0187 3760  HTTPFilter - ok
12:48:22.0203 3760  i2omgmt - ok
12:48:22.0203 3760  i2omp - ok
12:48:22.0234 3760  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
12:48:22.0234 3760  i8042prt - ok
12:48:22.0500 3760  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:48:22.0625 3760  idsvc - ok
12:48:22.0656 3760  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:48:22.0656 3760  Imapi - ok
12:48:22.0734 3760  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:48:22.0781 3760  ImapiService - ok
12:48:22.0781 3760  ini910u - ok
12:48:23.0671 3760  [ 39A817320087EF1C851D7A8F1701B3E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:48:24.0750 3760  IntcAzAudAddService - ok
12:48:24.0750 3760  IntelIde - ok
12:48:24.0796 3760  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:48:24.0812 3760  intelppm - ok
12:48:24.0828 3760  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:48:24.0843 3760  Ip6Fw - ok
12:48:24.0875 3760  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:48:24.0906 3760  IpFilterDriver - ok
12:48:24.0937 3760  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:48:24.0953 3760  IpInIp - ok
12:48:25.0000 3760  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:48:25.0031 3760  IpNat - ok
12:48:25.0250 3760  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:48:25.0328 3760  iPod Service - ok
12:48:25.0421 3760  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:48:25.0437 3760  IPSec - ok
12:48:25.0468 3760  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:48:25.0484 3760  IRENUM - ok
12:48:25.0515 3760  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:48:25.0515 3760  isapnp - ok
12:48:25.0718 3760  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:48:25.0734 3760  JavaQuickStarterService - ok
12:48:25.0765 3760  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:48:25.0781 3760  Kbdclass - ok
12:48:25.0796 3760  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:48:25.0812 3760  kbdhid - ok
12:48:25.0859 3760  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:48:25.0875 3760  kmixer - ok
12:48:25.0921 3760  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:48:25.0968 3760  KSecDD - ok
12:48:26.0031 3760  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
12:48:26.0046 3760  LanmanServer - ok
12:48:26.0093 3760  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:48:26.0109 3760  lanmanworkstation - ok
12:48:26.0125 3760  lbrtfdc - ok
12:48:26.0156 3760  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:48:26.0171 3760  LmHosts - ok
12:48:26.0187 3760  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:48:26.0375 3760  Messenger - ok
12:48:26.0453 3760  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:48:26.0531 3760  mnmdd - ok
12:48:26.0578 3760  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:48:26.0625 3760  mnmsrvc - ok
12:48:26.0656 3760  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:48:26.0671 3760  Modem - ok
12:48:26.0671 3760  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:48:26.0687 3760  Mouclass - ok
12:48:26.0718 3760  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:48:26.0734 3760  mouhid - ok
12:48:26.0765 3760  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:48:26.0781 3760  MountMgr - ok
12:48:26.0875 3760  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:48:26.0890 3760  MozillaMaintenance - ok
12:48:26.0890 3760  mraid35x - ok
12:48:26.0953 3760  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:48:26.0968 3760  MRxDAV - ok
12:48:27.0093 3760  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:48:27.0171 3760  MRxSmb - ok
12:48:27.0203 3760  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:48:27.0218 3760  MSDTC - ok
12:48:27.0250 3760  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:48:27.0265 3760  Msfs - ok
12:48:27.0265 3760  MSIServer - ok
12:48:27.0296 3760  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:48:27.0312 3760  MSKSSRV - ok
12:48:27.0437 3760  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:48:27.0437 3760  MSPCLOCK - ok
12:48:27.0453 3760  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:48:27.0468 3760  MSPQM - ok
12:48:27.0546 3760  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:48:27.0562 3760  mssmbios - ok
12:48:27.0609 3760  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:48:27.0640 3760  Mup - ok
12:48:27.0687 3760  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:48:27.0750 3760  napagent - ok
12:48:27.0812 3760  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:48:27.0843 3760  NDIS - ok
12:48:27.0890 3760  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:48:27.0906 3760  NdisTapi - ok
12:48:27.0937 3760  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:48:27.0937 3760  Ndisuio - ok
12:48:27.0984 3760  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:48:28.0015 3760  NdisWan - ok
12:48:28.0046 3760  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:48:28.0078 3760  NDProxy - ok
12:48:28.0109 3760  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:48:28.0125 3760  Net Driver HPZ12 - ok
12:48:28.0156 3760  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:48:28.0203 3760  NetBIOS - ok
12:48:28.0234 3760  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:48:28.0265 3760  NetBT - ok
12:48:28.0296 3760  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:48:28.0312 3760  NetDDE - ok
12:48:28.0734 3760  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:48:28.0734 3760  NetDDEdsdm - ok
12:48:28.0796 3760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:48:28.0828 3760  Netlogon - ok
12:48:28.0953 3760  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:48:29.0015 3760  Netman - ok
12:48:29.0062 3760  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:48:29.0093 3760  NetTcpPortSharing - ok
12:48:29.0125 3760  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:48:29.0171 3760  Nla - ok
12:48:29.0187 3760  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:48:29.0203 3760  Npfs - ok
12:48:29.0546 3760  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:48:29.0687 3760  Ntfs - ok
12:48:29.0843 3760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:48:29.0859 3760  NtLmSsp - ok
12:48:30.0031 3760  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:48:30.0109 3760  NtmsSvc - ok
12:48:30.0140 3760  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:48:30.0156 3760  Null - ok
12:48:30.0234 3760  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:48:30.0234 3760  NwlnkFlt - ok
12:48:30.0265 3760  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:48:30.0265 3760  NwlnkFwd - ok
12:48:30.0281 3760  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
12:48:30.0296 3760  Parport - ok
12:48:30.0312 3760  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:48:30.0328 3760  PartMgr - ok
12:48:30.0390 3760  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:48:30.0390 3760  ParVdm - ok
12:48:30.0437 3760  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:48:30.0453 3760  PCI - ok
12:48:30.0453 3760  PCIDump - ok
12:48:30.0453 3760  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:48:30.0468 3760  PCIIde - ok
12:48:30.0500 3760  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:48:30.0500 3760  Pcmcia - ok
12:48:30.0500 3760  PDCOMP - ok
12:48:30.0515 3760  PDFRAME - ok
12:48:30.0515 3760  PDRELI - ok
12:48:30.0515 3760  PDRFRAME - ok
12:48:30.0515 3760  perc2 - ok
12:48:30.0515 3760  perc2hib - ok
12:48:30.0546 3760  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:48:30.0546 3760  PlugPlay - ok
12:48:30.0578 3760  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:48:30.0593 3760  Pml Driver HPZ12 - ok
12:48:30.0609 3760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:48:30.0609 3760  PolicyAgent - ok
12:48:30.0625 3760  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:48:30.0640 3760  PptpMiniport - ok
12:48:30.0656 3760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:48:30.0656 3760  ProtectedStorage - ok
12:48:30.0687 3760  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:48:30.0703 3760  PSched - ok
12:48:30.0718 3760  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:48:30.0734 3760  Ptilink - ok
12:48:30.0781 3760  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:48:30.0796 3760  PxHelp20 - ok
12:48:30.0796 3760  ql1080 - ok
12:48:30.0796 3760  Ql10wnt - ok
12:48:30.0812 3760  ql12160 - ok
12:48:30.0812 3760  ql1240 - ok
12:48:30.0812 3760  ql1280 - ok
12:48:30.0843 3760  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:48:30.0859 3760  RasAcd - ok
12:48:30.0890 3760  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:48:30.0921 3760  RasAuto - ok
12:48:30.0937 3760  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:48:30.0953 3760  Rasl2tp - ok
12:48:31.0000 3760  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:48:31.0015 3760  RasMan - ok
12:48:31.0046 3760  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:48:31.0062 3760  RasPppoe - ok
12:48:31.0078 3760  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:48:31.0093 3760  Raspti - ok
12:48:31.0156 3760  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:48:31.0187 3760  Rdbss - ok
12:48:31.0218 3760  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:48:31.0234 3760  RDPCDD - ok
12:48:31.0531 3760  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:48:31.0578 3760  rdpdr - ok
12:48:31.0718 3760  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:48:31.0812 3760  RDPWD - ok
12:48:31.0859 3760  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:48:31.0875 3760  RDSessMgr - ok
12:48:31.0921 3760  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:48:31.0937 3760  redbook - ok
12:48:31.0968 3760  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:48:31.0984 3760  RemoteAccess - ok
12:48:32.0015 3760  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:48:32.0031 3760  RemoteRegistry - ok
12:48:32.0109 3760  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:48:32.0125 3760  RpcLocator - ok
12:48:32.0203 3760  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
12:48:32.0203 3760  RpcSs - ok
12:48:32.0250 3760  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:48:32.0312 3760  RSVP - ok
12:48:32.0343 3760  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:48:32.0343 3760  SamSs - ok
12:48:32.0421 3760  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:48:32.0437 3760  SCardSvr - ok
12:48:32.0484 3760  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:48:32.0515 3760  Schedule - ok
12:48:32.0546 3760  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:48:32.0562 3760  Secdrv - ok
12:48:32.0578 3760  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:48:32.0593 3760  seclogon - ok
12:48:32.0609 3760  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:48:32.0625 3760  SENS - ok
12:48:32.0640 3760  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
12:48:32.0656 3760  Serial - ok
12:48:32.0718 3760  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:48:32.0734 3760  Sfloppy - ok
12:48:32.0828 3760  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:48:32.0875 3760  SharedAccess - ok
12:48:32.0906 3760  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:48:32.0906 3760  ShellHWDetection - ok
12:48:32.0906 3760  Simbad - ok
12:48:32.0921 3760  Sparrow - ok
12:48:32.0953 3760  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:48:32.0984 3760  splitter - ok
12:48:33.0031 3760  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:48:33.0046 3760  Spooler - ok
12:48:33.0093 3760  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:48:33.0109 3760  sr - ok
12:48:33.0171 3760  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:48:33.0218 3760  srservice - ok
12:48:33.0265 3760  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:48:33.0312 3760  Srv - ok
12:48:33.0328 3760  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:48:33.0359 3760  SSDPSRV - ok
12:48:33.0468 3760  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
12:48:33.0484 3760  StillCam - ok
12:48:33.0593 3760  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:48:33.0625 3760  stisvc - ok
12:48:33.0656 3760  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:48:33.0671 3760  swenum - ok
12:48:33.0937 3760  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:48:34.0015 3760  SwitchBoard - ok
12:48:34.0046 3760  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:48:34.0078 3760  swmidi - ok
12:48:34.0078 3760  SwPrv - ok
12:48:34.0078 3760  symc810 - ok
12:48:34.0078 3760  symc8xx - ok
12:48:34.0078 3760  sym_hi - ok
12:48:34.0078 3760  sym_u3 - ok
12:48:34.0125 3760  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:48:34.0140 3760  sysaudio - ok
12:48:34.0187 3760  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:48:34.0187 3760  SysmonLog - ok
12:48:34.0234 3760  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:48:34.0250 3760  TapiSrv - ok
12:48:34.0312 3760  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:48:34.0328 3760  Tcpip - ok
12:48:34.0343 3760  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:48:34.0359 3760  TDPIPE - ok
12:48:34.0359 3760  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:48:34.0359 3760  TDTCP - ok
12:48:34.0421 3760  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:48:34.0437 3760  TermDD - ok
12:48:34.0453 3760  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:48:34.0484 3760  TermService - ok
12:48:34.0515 3760  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:48:34.0515 3760  Themes - ok
12:48:34.0546 3760  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:48:34.0562 3760  TlntSvr - ok
12:48:34.0562 3760  TosIde - ok
12:48:34.0609 3760  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:48:34.0640 3760  TrkWks - ok
12:48:34.0671 3760  [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight       C:\WINDOWS\system32\drivers\TrueSight.sys
12:48:34.0953 3760  TrueSight - ok
12:48:34.0984 3760  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:48:35.0000 3760  Udfs - ok
12:48:35.0000 3760  ultra - ok
12:48:35.0125 3760  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:48:35.0156 3760  Update - ok
12:48:35.0203 3760  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:48:35.0218 3760  upnphost - ok
12:48:35.0234 3760  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:48:35.0234 3760  UPS - ok
12:48:35.0265 3760  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:48:35.0281 3760  usbccgp - ok
12:48:35.0296 3760  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:48:35.0328 3760  usbehci - ok
12:48:35.0343 3760  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:48:35.0359 3760  usbhub - ok
12:48:35.0375 3760  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:48:35.0375 3760  usbprint - ok
12:48:35.0406 3760  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:48:35.0421 3760  usbscan - ok
12:48:35.0468 3760  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:48:35.0500 3760  USBSTOR - ok
12:48:35.0515 3760  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:48:35.0531 3760  usbuhci - ok
12:48:35.0546 3760  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:48:35.0562 3760  VgaSave - ok
12:48:35.0562 3760  ViaIde - ok
12:48:35.0593 3760  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:48:35.0609 3760  VolSnap - ok
12:48:35.0656 3760  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:48:35.0671 3760  VSS - ok
12:48:35.0687 3760  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:48:35.0687 3760  W32Time - ok
12:48:35.0703 3760  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:48:35.0703 3760  Wanarp - ok
12:48:35.0703 3760  WDICA - ok
12:48:35.0734 3760  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:48:35.0750 3760  wdmaud - ok
12:48:35.0765 3760  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:48:35.0765 3760  WebClient - ok
12:48:35.0828 3760  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:48:35.0828 3760  winmgmt - ok
12:48:35.0859 3760  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:48:35.0859 3760  WmdmPmSN - ok
12:48:35.0890 3760  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
12:48:35.0906 3760  Wmi - ok
12:48:35.0953 3760  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:48:35.0953 3760  WmiApSrv - ok
12:48:36.0062 3760  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:48:36.0093 3760  WMPNetworkSvc - ok
12:48:36.0109 3760  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:48:36.0109 3760  WpdUsb - ok
12:48:36.0171 3760  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:48:36.0187 3760  WPFFontCache_v0400 - ok
12:48:36.0218 3760  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:48:36.0218 3760  wscsvc - ok
12:48:36.0265 3760  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:48:36.0281 3760  wuauserv - ok
12:48:36.0312 3760  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:48:36.0312 3760  WudfPf - ok
12:48:36.0343 3760  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:48:36.0343 3760  WudfRd - ok
12:48:36.0375 3760  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:48:36.0375 3760  WudfSvc - ok
12:48:36.0390 3760  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:48:36.0390 3760  WZCSVC - ok
12:48:36.0437 3760  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:48:36.0437 3760  xmlprov - ok
12:48:36.0437 3760  ================ Scan global ===============================
12:48:36.0468 3760  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:48:36.0500 3760  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:48:36.0515 3760  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:48:36.0531 3760  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:48:36.0531 3760  [Global] - ok
12:48:36.0531 3760  ================ Scan MBR ==================================
12:48:36.0546 3760  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:48:36.0718 3760  \Device\Harddisk0\DR0 - ok
12:48:36.0750 3760  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
12:48:36.0750 3760  \Device\Harddisk1\DR2 - ok
12:48:36.0750 3760  ================ Scan VBR ==================================
12:48:36.0750 3760  [ 6BCF62D270C87126434252D2E25C8460 ] \Device\Harddisk0\DR0\Partition1
12:48:36.0750 3760  \Device\Harddisk0\DR0\Partition1 - ok
12:48:36.0750 3760  [ 437F19FE3B59D4E36F3A64644E2F7916 ] \Device\Harddisk1\DR2\Partition1
12:48:36.0750 3760  \Device\Harddisk1\DR2\Partition1 - ok
12:48:36.0765 3760  ============================================================
12:48:36.0765 3760  Scan finished
12:48:36.0765 3760  ============================================================
12:48:36.0765 2836  Detected object count: 0
12:48:36.0765 2836  Actual detected object count: 0
 

-------

 

The scan said there were no infected objects found, yet AVG still says there is a threat found. The tool did not require a reboot.



#6 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 June 2013 - 01:03 PM

The system is clean. We'll just do some maintenance.

  1. Please go to Start => Control Panel => Add/Remove Programs and uninstall Java™ 6 Update 24
     
  2. To refresh Chrome plugins cache:
    • Run Chrome.
    • Copy and paste the following in the address bar and press Enter:

      chrome://plugins
       
    • You will get a page with all the plugins listed. There is an option to disable each plugin.
    • Press "Disable" under any of the plugins. Then press "Enable".
    • Close Chrome.
  3. Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about an outdated version, please download and run the updated version.




#7 hcline

  • Topic Starter
  • Members
  • 5 posts

Posted 04 June 2013 - 01:10 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-06-2013 02
Ran by derek at 2013-06-04 13:10:05 Run:1
Running from C:\Documents and Settings\derek\Desktop\malware removal programs
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
Abiosdsk => Service deleted successfully.
abp480n5 => Service deleted successfully.
adpu160m => Service deleted successfully.
Aha154x => Service deleted successfully.
aic78u2 => Service deleted successfully.
aic78xx => Service deleted successfully.
AliIde => Service deleted successfully.
amsint => Service deleted successfully.
asc => Service deleted successfully.
asc3350p => Service deleted successfully.
asc3550 => Service deleted successfully.
Atdisk => Service deleted successfully.
cd20xrnt => Service deleted successfully.
cerc6 => Service deleted successfully.
Changer => Service deleted successfully.
CmdIde => Service deleted successfully.
Cpqarray => Service deleted successfully.
dac2w2k => Service deleted successfully.
dac960nt => Service deleted successfully.
dpti2o => Service deleted successfully.
hpn => Service deleted successfully.
i2omgmt => Service deleted successfully.
i2omp => Service deleted successfully.
ini910u => Service deleted successfully.
IntelIde => Service deleted successfully.
lbrtfdc => Service deleted successfully.
mraid35x => Service deleted successfully.
PCIDump => Service deleted successfully.
PDCOMP => Service deleted successfully.
PDFRAME => Service deleted successfully.
PDRELI => Service deleted successfully.
PDRFRAME => Service deleted successfully.
perc2 => Service deleted successfully.
perc2hib => Service deleted successfully.
ql1080 => Service deleted successfully.
Ql10wnt => Service deleted successfully.
ql12160 => Service deleted successfully.
ql1240 => Service deleted successfully.
ql1280 => Service deleted successfully.
Simbad => Service deleted successfully.
Sparrow => Service deleted successfully.
symc810 => Service deleted successfully.
symc8xx => Service deleted successfully.
sym_hi => Service deleted successfully.
sym_u3 => Service deleted successfully.
TosIde => Service deleted successfully.
ultra => Service deleted successfully.
ViaIde => Service deleted successfully.
WDICA => Service deleted successfully.
U1 WS2IFSL; => Service not found.
mbr => Service not found.

==== End of Fixlog ====



#8 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 June 2013 - 02:15 PM

Please run FRST, press Scan and post the FRST.txt log. This time it makes only one log.

 

Also tell me how the system is running.
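What a helper looks for when reading the FRST.txt log requested above, written out as an added example for this thread (it is not anything posted here and not code shipped with FRST): a small Python script that applies the usual first-pass heuristics to lines in FRST's format. The heuristics, the `Finding` type and the function names are this example's own choices. The sample log embedded in it is a handful of lines copied from the FRST output that appears later in this thread, not a complete log, and the parenthesised field FRST prints after a file is the company name it reads from the file's version information, so an empty "()" means the binary carries none.

```python
"""FRST log triage, first pass.

Added example for this thread; it is not part of the poster's logs and not
code from FRST.  It encodes the checks a helper runs by eye over FRST.txt:

  * an entry ending in "[x]" or "No File": the registry/browser still points
    at a file that is gone (an orphan, or a remnant of an earlier removal)
  * an entry ending in "()": FRST prints the company name from the file's
    version information in parentheses, so "()" means the binary carries none
  * a MountPoints2 entry: autorun handler for removable media
  * a service/driver whose start code begins with "U" (state unknown to FRST)
  * a Firefox extension FRST could not name
  * a hidden+system directory named by a bare GUID in the file list

Every hit is a lead to look up, not a verdict; legitimate components trip
the "()" check too.  SAMPLE_LOG is copied from the FRST output in this
thread (a handful of lines, not a complete log).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
MountPoints2: E - E:\LaunchU3.exe -a
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Extension: No Name - C:\Documents and Settings\derek\Application Data\Mozilla\Firefox\Profiles\ump2rjbd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [15616 2013-06-04] ()
U1 WS2IFSL;
2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-04 09:59 - 2013-06-04 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "R2 avgwd; C:\...\avgwdsvc.exe [size date] (Company)" -> start code, number, name, rest
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
# "2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\path" -> attribute flags, path
FILELIST_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} ([_A-Z]{5}) (.*)$"
)
GUID_DIRNAME_RE = re.compile(r"\\" + GUID + r"$")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return every heuristic hit for one FRST log line (empty list if clean)."""
    line = line.rstrip()
    hits: list[Finding] = []
    if not line:
        return hits
    if line.endswith("[x]") or line.endswith("No File"):
        hits.append(Finding("entry points at a file that no longer exists", line))
    if line.endswith("()"):
        hits.append(Finding("binary carries no company/version information", line))
    if line.startswith("MountPoints2:"):
        hits.append(Finding("autorun handler for removable media", line))
    if line.startswith("FF Extension: No Name"):
        hits.append(Finding("browser extension without a readable name", line))
    m = SERVICE_RE.match(line)
    if m and m.group(1) == "U":
        hits.append(Finding(f"service/driver {m.group(3)} in unknown start state", line))
    m = FILELIST_RE.match(line)
    if m:
        attrs, path = m.groups()
        if "S" in attrs and "H" in attrs and GUID_DIRNAME_RE.search(path):
            hits.append(Finding("hidden+system directory named by a bare GUID", line))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and return the hits in log order."""
    return [hit for raw in log_text.splitlines() for hit in triage_line(raw)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.reason}]\n    {hit.line}")
```

Run as-is it prints ten leads from the sample; to use it on a real log, read FRST.txt and pass its text to `triage`. The two hits on TrueSight.sys are the reminder that these are leads rather than verdicts: the file list in this thread's own log shows that driver appearing at 10:32 on the morning the poster was running removal tools, so the next step for every hit is to identify the file, not to delete it on sight.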



#9 hcline

  • Topic Starter
  • Members
  • 5 posts

Posted 04 June 2013 - 02:18 PM

The system seems to be running fine. I haven't had any issues yet.

 

---------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02
Ran by derek (administrator) on 04-06-2013 14:17:00
Running from C:\Documents and Settings\derek\Desktop\malware removal programs
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Dropbox, Inc.) C:\Documents and Settings\derek\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
(Adobe Systems Incorporated ) C:\Program Files\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [HPUsageTracking] "c:\Program Files\HP\HP UT\bin\hppusg.exe" "c:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: E - E:\LaunchU3.exe -a
HKU\Dispatch\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2013-05-01] (Apple Inc.)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2013-05-01] (Apple Inc.)
HKU\Guest\...\Run: [Google Update] "C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [ 2013-02-07] (Google Inc.)
Startup: C:\Documents and Settings\derek\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\derek\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
PDF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
PDF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 205.171.3.65 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\derek\Application Data\Mozilla\Firefox\Profiles\ump2rjbd.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - C:\Documents and Settings\derek\Application Data\Mozilla\Firefox\Profiles\ump2rjbd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Create PDF) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\plugin/npWCChromeExtnStub.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\derek\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\derek\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\derek\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (AdobeExManDetect) - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Quickrr Google Maps Search) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd\1.1_0
CHR Extension: (AdBlock) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Documents and Settings\derek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [6406656 2011-01-26] (ATI Technologies Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [15616 2013-06-04] ()
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-04 13:56 - 2013-06-04 13:56 - 00000858 ____A C:\Windows\setupact.log
2013-06-04 13:56 - 2013-06-04 13:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 12:43 - 2013-02-11 18:51 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\derek\Desktop\TDSSKiller.exe
2013-06-04 11:34 - 2013-06-04 11:34 - 00000000 ____D C:\FRST
2013-06-04 11:16 - 2013-06-04 11:16 - 00015015 ____A C:\Documents and Settings\derek\My Documents\dds.txt
2013-06-04 11:16 - 2013-06-04 11:16 - 00008097 ____A C:\Documents and Settings\derek\My Documents\attach.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00015015 ____A C:\Documents and Settings\derek\Desktop\dds.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00008097 ____A C:\Documents and Settings\derek\Desktop\attach.txt
2013-06-04 11:13 - 2013-06-04 11:13 - 00688992 ____R (Swearware) C:\Documents and Settings\derek\Desktop\dds.com
2013-06-04 10:33 - 2013-06-04 10:33 - 00001525 ____A C:\Documents and Settings\derek\Desktop\RKreport[1]_S_06042013_02d1033.txt
2013-06-04 10:32 - 2013-06-04 10:33 - 05077441 ____A (Swearware) C:\Documents and Settings\derek\Desktop\ComboFix.exe
2013-06-04 10:32 - 2013-06-04 10:32 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-04 10:31 - 2013-06-04 10:33 - 00000000 ____D C:\Documents and Settings\derek\Desktop\RK_Quarantine
2013-06-04 10:15 - 2013-06-04 10:15 - 00816128 ____A C:\Documents and Settings\derek\Desktop\RogueKiller.exe
2013-06-04 09:59 - 2013-06-04 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 09:59 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-04 09:46 - 2013-06-04 13:56 - 00007329 ____A C:\Windows\setupapi.log
2013-06-03 12:30 - 2013-06-04 09:38 - 00000000 ____D C:\Documents and Settings\derek\Application Data\ControlCenter4
2013-06-03 12:22 - 2013-06-03 12:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-03 12:21 - 2013-06-03 12:27 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-03 12:21 - 2013-06-03 12:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Program Files\Browny02
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ControlCenter4
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Brother
2013-06-03 12:19 - 2013-06-04 09:31 - 00000000 ____D C:\Program Files\ControlCenter4
2013-06-03 12:19 - 2013-06-03 12:20 - 00000086 ____A C:\Windows\Brfaxrx.ini
2013-06-03 12:19 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2S.dll
2013-06-03 12:19 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2.dll
2013-06-03 12:19 - 2010-02-04 21:42 - 00180224 ____A (Brother Industries, Ltd.) C:\Windows\System32\BROSNMP.DLL
2013-06-03 12:19 - 2009-12-08 16:17 - 00225280 ____N (Brother Industries, Ltd.) C:\Windows\System32\BrfxD05c.dll
2013-06-03 12:19 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\System32\BrDctF2L.dll
2013-06-03 12:19 - 2003-11-28 18:57 - 00000000 ____A C:\Windows\brdfxspd.dat
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Desktop\install
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Application Data\InstallShield
2013-05-24 14:53 - 2013-05-24 14:53 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Zeon
2013-05-24 14:37 - 2013-05-24 16:43 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-05-24 14:37 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\derek\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-24 12:00 - 2013-05-24 12:00 - 00000000 ____D C:\Documents and Settings\derek\Application Data\OrphansRemover
2013-05-20 13:29 - 2013-05-22 12:45 - 00000000 ____D C:\Documents and Settings\derek\Desktop\fake deals
2013-05-17 09:35 - 2013-06-04 13:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-15 08:37 - 2013-05-24 15:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 08:34 - 2013-05-15 08:34 - 00000000 ____D C:\Program Files\Dropbox

==================== One Month Modified Files and Folders ========

2013-06-04 14:12 - 2012-08-21 18:45 - 00001456 ____A C:\Documents and Settings\derek\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2013-06-04 14:05 - 2012-09-26 15:12 - 00000000 ____D C:\Documents and Settings\derek\Desktop\deal images
2013-06-04 14:00 - 2012-08-22 09:39 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-04 13:57 - 2012-10-11 14:42 - 00000000 ____D C:\Documents and Settings\derek\Desktop\Crowd Cut files
2013-06-04 13:57 - 2010-11-10 12:01 - 00001297 ____A C:\Windows\wiadebug.log
2013-06-04 13:56 - 2013-06-04 13:56 - 00000858 ____A C:\Windows\setupact.log
2013-06-04 13:56 - 2013-06-04 13:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 13:56 - 2013-06-04 09:46 - 00007329 ____A C:\Windows\setupapi.log
2013-06-04 13:32 - 2012-08-20 09:34 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Dropbox
2013-06-04 13:31 - 2012-08-28 16:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-04 13:27 - 2010-11-10 18:37 - 00000978 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2077806209-682003330-1003UA.job
2013-06-04 13:12 - 2010-11-10 18:13 - 01605815 ____A C:\Windows\WindowsUpdate.log
2013-06-04 13:07 - 2013-05-17 09:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-04 11:48 - 2012-08-20 09:36 - 00000000 ___RD C:\Documents and Settings\derek\My Documents\Dropbox
2013-06-04 11:48 - 2008-04-14 02:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-04 11:46 - 2012-08-22 09:39 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-04 11:46 - 2010-11-10 18:33 - 00000062 __ASH C:\Documents and Settings\derek\Local Settings\desktop.ini
2013-06-04 11:46 - 2010-11-10 18:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-04 11:46 - 2010-11-10 18:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 11:46 - 2010-11-10 18:16 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-04 11:46 - 2010-11-10 12:01 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-04 11:34 - 2013-06-04 11:34 - 00000000 ____D C:\FRST
2013-06-04 11:16 - 2013-06-04 11:16 - 00015015 ____A C:\Documents and Settings\derek\My Documents\dds.txt
2013-06-04 11:16 - 2013-06-04 11:16 - 00008097 ____A C:\Documents and Settings\derek\My Documents\attach.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00015015 ____A C:\Documents and Settings\derek\Desktop\dds.txt
2013-06-04 11:15 - 2013-06-04 11:15 - 00008097 ____A C:\Documents and Settings\derek\Desktop\attach.txt
2013-06-04 11:13 - 2013-06-04 11:13 - 00688992 ____R (Swearware) C:\Documents and Settings\derek\Desktop\dds.com
2013-06-04 10:55 - 2010-11-10 18:42 - 00065536 ____A C:\Windows\System32\config\ACEEvent.evt
2013-06-04 10:33 - 2013-06-04 10:33 - 00001525 ____A C:\Documents and Settings\derek\Desktop\RKreport[1]_S_06042013_02d1033.txt
2013-06-04 10:33 - 2013-06-04 10:32 - 05077441 ____A (Swearware) C:\Documents and Settings\derek\Desktop\ComboFix.exe
2013-06-04 10:33 - 2013-06-04 10:31 - 00000000 ____D C:\Documents and Settings\derek\Desktop\RK_Quarantine
2013-06-04 10:32 - 2013-06-04 10:32 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-04 10:15 - 2013-06-04 10:15 - 00816128 ____A C:\Documents and Settings\derek\Desktop\RogueKiller.exe
2013-06-04 09:59 - 2013-06-04 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 09:38 - 2013-06-03 12:30 - 00000000 ____D C:\Documents and Settings\derek\Application Data\ControlCenter4
2013-06-04 09:34 - 2010-11-10 18:33 - 00000178 ___SH C:\Documents and Settings\derek\ntuser.ini
2013-06-04 09:34 - 2010-11-10 18:32 - 00032578 ____N C:\Windows\SchedLgU.Txt
2013-06-04 09:32 - 2012-08-20 09:32 - 00000234 ___AC C:\Windows\Brpfx04a.ini
2013-06-04 09:32 - 2012-08-20 09:32 - 00000065 ___AC C:\Windows\brpcfx.ini
2013-06-04 09:31 - 2013-06-03 12:19 - 00000000 ____D C:\Program Files\ControlCenter4
2013-06-04 08:31 - 2010-11-10 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-04 08:27 - 2010-11-10 18:37 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-2077806209-682003330-1003Core.job
2013-06-03 13:12 - 2012-10-23 12:33 - 00271184 __AHC C:\Windows\System32\mlfcache.dat
2013-06-03 12:27 - 2013-06-03 12:21 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-03 12:22 - 2013-06-03 12:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-03 12:21 - 2013-06-03 12:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Program Files\Browny02
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ControlCenter4
2013-06-03 12:20 - 2013-06-03 12:20 - 00000000 ____D C:\Brother
2013-06-03 12:20 - 2013-06-03 12:19 - 00000086 ____A C:\Windows\Brfaxrx.ini
2013-06-03 12:19 - 2012-08-20 09:31 - 00000000 ____D C:\Program Files\Brother
2013-06-03 12:19 - 2010-11-11 16:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Desktop\install
2013-06-03 12:18 - 2013-06-03 12:18 - 00000000 ____D C:\Documents and Settings\derek\Application Data\InstallShield
2013-06-03 11:50 - 2010-11-29 16:20 - 00000000 ____D C:\Documents and Settings\derek\Local Settings\Application Data\Adobe
2013-06-03 11:50 - 2010-11-10 18:42 - 00394976 ___AC C:\Documents and Settings\derek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-03 11:48 - 2010-11-10 11:58 - 05311888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-03 11:45 - 2012-08-20 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
2013-06-03 11:42 - 2012-08-20 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nuance
2013-05-31 11:41 - 2012-08-20 11:48 - 00000000 ____D C:\Documents and Settings\derek\Application Data\FileZilla
2013-05-31 11:40 - 2012-08-20 11:48 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-05-30 15:36 - 2012-10-19 08:50 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff from kian
2013-05-24 16:43 - 2013-05-24 14:37 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-05-24 16:23 - 2012-08-28 16:59 - 00000000 ____D C:\Program Files\QuickTime
2013-05-24 15:14 - 2010-11-10 18:47 - 00000000 ____D C:\Program Files\AVG
2013-05-24 15:09 - 2013-05-15 08:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-24 15:09 - 2013-04-10 08:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-24 15:09 - 2013-04-10 08:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-05-24 15:09 - 2013-03-20 16:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-24 15:09 - 2013-02-13 09:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-05-24 15:09 - 2012-12-12 09:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2013-05-24 15:09 - 2012-11-16 09:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2013-05-24 15:09 - 2012-11-16 09:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-05-24 15:09 - 2012-10-10 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-05-24 15:09 - 2012-08-29 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB941569$
2013-05-24 15:09 - 2012-08-29 08:38 - 00000000 __HDC C:\Windows\$NtUninstallKB939683$
2013-05-24 15:09 - 2012-08-29 08:37 - 00000000 __HDC C:\Windows\$NtUninstallKB954154_WM11$
2013-05-24 15:09 - 2012-08-17 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2731847$
2013-05-24 15:09 - 2012-07-12 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2718523$
2013-05-24 15:09 - 2012-06-13 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$
2013-05-24 15:09 - 2012-05-12 03:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2013-05-24 15:09 - 2012-05-12 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2013-05-24 15:09 - 2012-03-14 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2641653$
2013-05-24 15:09 - 2012-02-16 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2660465$
2013-05-24 15:09 - 2012-02-16 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2661637$
2013-05-24 15:09 - 2012-01-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2646524$
2013-05-24 15:09 - 2011-12-15 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2639417$
2013-05-24 15:09 - 2011-10-14 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2567053$
2013-05-24 15:09 - 2011-08-11 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2567680$
2013-05-24 15:09 - 2011-07-13 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2555917$
2013-05-24 15:09 - 2011-04-13 22:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2506223$
2013-05-24 15:09 - 2011-04-13 22:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2412687$
2013-05-24 15:09 - 2011-04-13 22:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2508429$
2013-05-24 15:09 - 2011-03-24 15:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$
2013-05-24 15:09 - 2011-02-08 21:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2479628$
2013-05-24 15:09 - 2010-12-15 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2467659$
2013-05-24 15:09 - 2010-12-15 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2436673$
2013-05-24 15:09 - 2010-12-15 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2423089$
2013-05-24 15:09 - 2010-11-11 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB971737$
2013-05-24 15:09 - 2010-11-11 18:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB958869$
2013-05-24 15:09 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
2013-05-24 15:09 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2378111_WM9$
2013-05-24 15:09 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2013-05-24 15:09 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2121546$
2013-05-24 15:09 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB967715$
2013-05-24 15:09 - 2010-11-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2013-05-24 15:09 - 2010-11-10 18:40 - 00000000 __HDC C:\Windows\$NtUninstallKB898461$
2013-05-24 15:08 - 2012-08-28 14:16 - 00000000 __HDC C:\Windows\$NtUninstallMSCompPackV1$
2013-05-24 15:08 - 2012-08-28 14:15 - 00000000 __HDC C:\Windows\$NtUninstallWudf01000$
2013-05-24 15:08 - 2010-11-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB982214$
2013-05-24 15:08 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB982132$
2013-05-24 15:08 - 2010-11-11 04:03 - 00000000 __HDC C:\Windows\$NtUninstallKB981349$
2013-05-24 15:08 - 2010-11-11 04:02 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB981957$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB981322$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB978601$
2013-05-24 15:08 - 2010-11-11 04:01 - 00000000 __HDC C:\Windows\$NtUninstallKB973540_WM9$
2013-05-24 15:02 - 2012-09-27 09:35 - 00000000 ____D C:\Documents and Settings\derek\Application Data\TuneUp Software
2013-05-24 14:56 - 2012-08-22 10:06 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Apple Computer
2013-05-24 14:53 - 2013-05-24 14:53 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Zeon
2013-05-24 14:53 - 2012-08-20 09:27 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Nuance
2013-05-24 14:37 - 2013-05-24 14:37 - 00000000 ____D C:\Documents and Settings\derek\Application Data\AVG
2013-05-24 14:37 - 2013-05-24 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-05-24 14:36 - 2013-05-24 14:36 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-05-24 12:00 - 2013-05-24 12:00 - 00000000 ____D C:\Documents and Settings\derek\Application Data\OrphansRemover
2013-05-23 09:57 - 2010-11-11 12:20 - 00000000 ____D C:\Documents and Settings\derek\My Documents\Google Talk Received Files
2013-05-22 16:45 - 2013-02-05 18:08 - 00068096 _ASHC C:\Documents and Settings\derek\Desktop\Thumbs.db
2013-05-22 12:45 - 2013-05-20 13:29 - 00000000 ____D C:\Documents and Settings\derek\Desktop\fake deals
2013-05-21 13:52 - 2013-03-26 10:38 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff
2013-05-21 09:45 - 2012-08-30 11:38 - 00000000 ____D C:\Windows\System32\cache
2013-05-21 08:44 - 2012-08-20 15:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-20 08:44 - 2012-08-20 08:55 - 00000000 ____D C:\Program Files\Adobe
2013-05-17 11:56 - 2012-10-30 09:55 - 00000000 ____D C:\Documents and Settings\derek\Desktop\vector art
2013-05-15 14:52 - 2010-11-10 18:39 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 12:31 - 2012-08-20 15:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 12:31 - 2012-08-20 15:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-15 08:44 - 2011-03-27 11:21 - 00000000 ____D C:\Windows\ie8updates
2013-05-15 08:44 - 2010-11-10 11:59 - 00539556 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-05-15 08:39 - 2010-11-10 18:40 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-15 08:37 - 2010-11-11 09:51 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 08:34 - 2013-05-15 08:34 - 00000000 ____D C:\Program Files\Dropbox
2013-05-14 15:23 - 2012-10-08 17:30 - 00000000 ____D C:\Documents and Settings\derek\Desktop\stuff from kyle
2013-05-13 09:28 - 2012-08-16 15:22 - 00000000 ____D C:\Documents and Settings\derek\Application Data\Mozilla
2013-05-10 15:11 - 2012-08-27 15:19 - 00000132 ___AC C:\Documents and Settings\derek\Application Data\Adobe GIF Format CS6 Prefs
2013-05-08 08:55 - 2012-08-22 09:18 - 00000132 ___AC C:\Documents and Settings\derek\Application Data\Adobe PNG Format CS6 Prefs
2013-05-06 23:27 - 2008-04-14 02:00 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 23:27 - 2008-04-14 02:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#10 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 June 2013 - 02:34 PM

It looks good.

  1. Please delete the FRST tool, as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
     
  2. You may delete any tool or log we used from your computer.
     
  3. First set a new restore point, then remove the old restore points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next".
    • Give the Restore Point a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run, then type Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean; the default is already set to the (C:) drive. Click OK.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

      Have a nice time, hcline. :)
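
The restore-point step above, scripted, as an added example that is not part of Farbar's post or of any tool used in this thread. It assumes Windows XP with Windows PowerShell 2.0 installed, an Administrator prompt, System Restore enabled on C:, and the documented srclient.dll export SRRemoveRestorePoint (the same call Disk Cleanup's "Clean Up" button uses). The restore-point description, the Win32.SrClient type name and the verification listing are mine. It creates the new point first, so the machine is never left without a clean checkpoint, and only then deletes every older point:

```powershell
# Added example, not from the original thread: script the "new restore point,
# then remove the old ones" step from post #10 on Windows XP / PowerShell 2.0.
# Run from an Administrator PowerShell prompt with System Restore enabled on C:.
# Assumed: srclient.dll exports SRRemoveRestorePoint (documented for XP);
# the type name Win32.SrClient and the description text are ours.

Add-Type -Namespace Win32 -Name SrClient -MemberDefinition @'
[DllImport("srclient.dll", SetLastError = true)]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Static WMI class used by System Restore on XP (namespace root\default).
$sr = [wmiclass]'\\.\root\default:SystemRestore'

# 1. Take the post-cleanup checkpoint first.
#    12 = MODIFY_SETTINGS (restore point type), 100 = BEGIN_SYSTEM_CHANGE (event type).
$desc = 'Clean after malware removal ' + (Get-Date -Format 'yyyy-MM-dd HH:mm')
$r = $sr.CreateRestorePoint($desc, 12, 100)
if ($r.ReturnValue -ne 0) { throw "CreateRestorePoint failed: $($r.ReturnValue)" }

# 2. Enumerate all restore points and locate the one just created.
$points = Get-WmiObject -Namespace root\default -Class SystemRestore | Sort-Object SequenceNumber
$new = $points | Where-Object { $_.Description -eq $desc } | Select-Object -Last 1
if (-not $new) { throw 'New restore point not found; nothing was deleted.' }

# 3. Delete every older point. A rollback to one of them could bring back
#    files that were quarantined or removed during the cleanup.
foreach ($p in $points | Where-Object { $_.SequenceNumber -lt $new.SequenceNumber }) {
    $rc = [Win32.SrClient]::SRRemoveRestorePoint([uint32]$p.SequenceNumber)
    if ($rc -eq 0) { Write-Host "Removed #$($p.SequenceNumber): $($p.Description)" }
    else           { Write-Warning "Could not remove #$($p.SequenceNumber) (Win32 error $rc)" }
}

# 4. Verify: only the new point should remain.
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Select-Object SequenceNumber, CreationTime, Description
```

The older blanket approach, turning System Restore off and back on ($sr.Disable('C:\') followed by $sr.Enable('C:\', $true) on the same WMI class), also purges every point, but it leaves the machine with no checkpoint until a new one is taken, which is why the script creates the new point before deleting anything. Anyone not comfortable running a script can follow the Disk Cleanup steps in the post; the result is the same.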


#11 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 10 June 2013 - 12:49 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.
