
Infection trying to make outbound connections to bad IP


This topic is locked. 34 replies to this topic.

#1 pandabird (Members)
Posted 04 June 2013 - 10:58 PM

My Malwarebytes-Pro has just been repeatedly blocking outbound traffic from "avastsvc.exe" to IP address 46.229.165.2, an address found to be in the Netherlands. This is very "suspicious" as to what is on my machine setting this off, and I would like to clean my system of this malware.

I am also concerned about corruption on my computer from rootkits and other malware recently detected by my programs. I did notice corruption in my registry with "garble" at one key (I deleted the garble); in the same area there was a weird entry to a *.tmp file with a "/??/" entry at the beginning of the line.

I would like to look at my system and make sure it is CLEAN. I have run my antivirus on "highest heuristic" with ALL unpackers for detection to find this and other trojans/viruses etc. I am pasting and attaching DDS logs as requested. Please let me know if I should post or do anything else.

 

Thank you.

 

===========

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by OWNER at 23:54:41 on 2013-06-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3317 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\PDFCreator\PDFCreator.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com
uProxyServer = :0
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENDN~1.LNK - C:\Windows\Installer\{E811D3DC-A647-4744-9CA6-BD4707D2808B}\_41100329364C94A5913B21.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : NameServer = 127.0.0.1
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.comcast.net/
x64-mWindow Title = Windows Internet Explorer provided by Comcast
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-02 09:25; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-31 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-2 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-2 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-31 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-2 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-2 378432]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-12 46808]
R2 DNSCrypt;OpenDNSCrypt;C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-5-17 14336]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-31 13336]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-19 1688384]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-3-31 406056]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-12-1 222232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-6 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2011-12-1 103512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-11 99384]
S3 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-31 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-27 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-11 203320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-27 57856]
S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
S4 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2011-7-12 451848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile=NOTEPAD.EXE "%1"
FileExt: .reg: regfile=NOTEPAD.EXE "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-26 06:20:51    510464    ----a-w-    C:\Windows\System32\LXEAwupd.dll
2013-05-26 06:06:35    --------    d-----w-    C:\Program Files\Lexmark
2013-05-26 06:06:07    --------    d-----w-    C:\Program Files\Lexmark S300-S400 Series
2013-05-23 17:09:29    --------    d-----w-    C:\Restored folder 5-23-2013
2013-05-22 16:07:21    --------    d-----w-    C:\ProgramData\PC-Doctor for Windows
2013-05-22 16:06:53    --------    d-----w-    C:\Program Files\My Dell
2013-05-20 08:57:25    --------    d-----w-    C:\Program Files\iPod
2013-05-20 08:57:24    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 08:57:24    --------    d-----w-    C:\Program Files\iTunes
2013-05-17 05:24:08    --------    d-----w-    C:\ProgramData\SystemExplorer
2013-05-16 08:31:16    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-16 08:31:16    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-16 01:33:16    --------    d-----w-    C:\Users\OWNER\AppData\Local\Paint.NET
2013-05-16 01:33:16    --------    d-----w-    C:\Program Files\Paint.NET
2013-05-15 08:44:27    --------    d-----w-    C:\Users\OWNER\AppData\Roaming\VSRevoGroup
2013-05-15 03:09:04    --------    d-----w-    C:\Stinger_Quarantine
2013-05-15 03:08:38    --------    d-----w-    C:\Program Files\stinger
.
==================== Find3M  ====================
.
2013-05-25 18:23:09    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2013-05-17 22:59:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 22:59:48    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07    1025808    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:59:06    22600    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-04 09:36:01    866720    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-04-04 09:35:52    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-03-26 21:40:42    222232    ----a-w-    C:\Windows\System32\drivers\keyscrambler.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2011-01-18 08:53:32    2994688    ------w-    C:\Program Files (x86)\openofficeorg33.msi
.
============= FINISH: 23:55:04.35 ===============
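A small triage helper for DDS logs like the one in this post, added here as an example (it is not code from the thread, from the DDS tool or from the poster). It parses the services/drivers, BHO/handler, HOSTS and per-interface NameServer lines and flags the entries a responder checks first: a service whose binary DDS could not stat ("[?]"), registrations whose DLL is gone ("<orphaned>"), HOSTS overrides, and a static DNS setting that differs from the DHCP one. The sample input is constructed from lines copied out of the log above; the loopback NameServer it flags is consistent with the dnscrypt-proxy.exe shown in the process list, so that finding is a lead to confirm, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the DDS log in this post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : NameServer = 127.0.0.1
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : DHCPNameServer = 75.75.75.75 75.75.76.76
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
============= SERVICES / DRIVERS ===============
.
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-12 46808]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
S3 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
.
============= FINISH: 23:55:04.35 ===============
"""

# Section banners look like "===== TITLE =====".
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# Service lines: "<state> <name>;<display name>;<path> [<date> <size>]".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
FILEINFO_RE = re.compile(r"\s*\[(?P<info>[^\]]*)\]$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
NAMESERVER_RE = re.compile(
    r"^TCP:\s+Interfaces\\(?P<iface>\{[^}]+\})\s*:\s*"
    r"(?P<kind>DHCPNameServer|NameServer)\s*=\s*(?P<servers>.+)$"
)


def parse_dds(text):
    """Split a DDS log into the pieces the triage below looks at."""
    parsed = {"services": [], "orphaned": [], "hosts": [], "nameservers": defaultdict(dict)}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone "." as a spacer line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                rest = m.group("rest")
                fm = FILEINFO_RE.search(rest)
                parsed["services"].append({
                    "state": m.group("state"),
                    "name": m.group("name"),
                    "path": (rest[:fm.start()] if fm else rest).rstrip(),
                    "info": fm.group("info") if fm else "",
                })
            continue
        if line.endswith("<orphaned>"):
            parsed["orphaned"].append(line)
        m = HOSTS_RE.match(line)
        if m:
            parsed["hosts"].append((m.group("ip"), m.group("host")))
        m = NAMESERVER_RE.match(line)
        if m:
            parsed["nameservers"][m.group("iface")][m.group("kind")] = m.group("servers").split()
    return parsed


def triage(parsed):
    """Return human-readable findings; each one is a lead to verify, not a verdict."""
    findings = []
    for svc in parsed["services"]:
        # DDS prints "[?]" when it could not stat the service binary; confirm the
        # file exists and is signed before treating the entry as suspicious.
        if svc["info"] == "?":
            findings.append(f"service {svc['name']} ({svc['state']}): file info unavailable for {svc['path']}")
    for line in parsed["orphaned"]:
        findings.append(f"orphaned registration (DLL missing): {line}")
    for ip, host in parsed["hosts"]:
        findings.append(f"HOSTS override: {host} -> {ip}")
    for iface, cfg in parsed["nameservers"].items():
        # A loopback resolver is expected when a local DNS proxy such as
        # dnscrypt-proxy.exe is running, which this log shows; flag it so it gets confirmed.
        static, dhcp = cfg.get("NameServer"), cfg.get("DHCPNameServer")
        if static and dhcp and static != dhcp:
            findings.append(f"interface {iface}: static DNS {static} differs from DHCP {dhcp}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_LOG)):
        print(finding)
```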
 

 




#2 Robybel (Malware Response Team)
Posted 05 June 2013 - 05:33 AM

Hi and Welcome!! Pandabird :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

====================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished.
  • Click on Scan.
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button.
  • Next click on the ShortcutsFix.
  • Another report will be created on your desktop.
Please post all RKreport.txt text files located on your desktop.

On your next reply please post :
  • checkup.txt
  • AdwCleaner[S1].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#3 Robybel (Malware Response Team)
Posted 08 June 2013 - 08:10 AM

Still need help?


 

 


#4 pandabird (Topic Starter)
Posted 10 June 2013 - 12:01 AM

Hi Robybel,

 

Thank you for assisting me with my computer problem. Please accept my apologies for not getting back sooner; somehow the reply mails got sent to another folder not usually viewed (this has been corrected). I have downloaded and run the programs requested. I am attaching the log files below.

 

When I got to the point of running the JRT program, I turned off my Avast AV, Malwarebytes, and OpenDNS DNSCrypt (encryption) programs to avoid conflicts per instructions (thus no start-up either after reboot). With the RogueKiller program I think I ran the pre-scan twice, so you may see an additional log there for that reason.

 

I must also note that I DO backup my machine on an external drive using the Windows Backup program.. It was not connected when running the program.

I look forward to your evaluation of my logs and further instructions. Thank you.

===================================================================

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Secunia PSI (2.0.0.3003)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java version out of Date!
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (21.0)
 Mozilla Thunderbird (17.0.6)
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

===========================

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 00:05:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : OWNER - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\OWNER\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js

[OK] File is clean.

File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\prefs.js

[OK] File is clean.

File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\ojzlqqs7.profile052308unknown\prefs.js

[OK] File is clean.

File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2240 octets] - [28/05/2013 11:23:32]
AdwCleaner[S1].txt - [2326 octets] - [28/05/2013 11:25:09]
AdwCleaner[S2].txt - [318 octets] - [10/06/2013 00:05:20]
AdwCleaner[S3].txt - [1462 octets] - [10/06/2013 00:05:32]

########## EOF - C:\AdwCleaner[S3].txt - [1522 octets] ##########
 

================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by OWNER on Mon 06/10/2013 at  0:15:11.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\OWNER\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\OWNER\appdata\local\{96F7C0D2-4331-4959-8A1F-F028EC17C4DE}
Successfully deleted: [Empty Folder] C:\Users\OWNER\appdata\local\{B281AD99-FB2D-4AC0-A961-B453CDCE8E4C}



~~~ FireFox

Successfully deleted: [File] C:\Users\OWNER\AppData\Roaming\mozilla\firefox\profiles\6xcqg4yz.profile052308\extensions\info@priceblink.com.xpi
Successfully deleted the following from C:\Users\OWNER\AppData\Roaming\mozilla\firefox\profiles\6xcqg4yz.profile052308\prefs.js

user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.o
user_pref("extensions.linkextend.kidsafe-googlesafesearch", false);
user_pref("extensions.linkextend.search-searchtraffic", true);
user_pref("socialfixer.1003347172/cached_content/donate_pagelet", "{\"expires_on\":1347679559823,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99
user_pref("socialfixer.1003347172/cached_content/tips_pagelet", "{\"expires_on\":1363668551168,\"content\":[{\"id\":101,\"content\":\"<div style=\\\"border:2px solid #cccc99;p
Emptied folder: C:\Users\OWNER\AppData\Roaming\mozilla\firefox\profiles\6xcqg4yz.profile052308\minidumps [451 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/10/2013 at  0:18:07.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

=====================================

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Scan -- Date : 06/10/2013 00:21:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06102013_02d0021.txt >>
RKreport[1]_S_06102013_02d0021.txt


 

======================================================

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Scan -- Date : 06/10/2013 00:23:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_06102013_02d0023.txt >>
RKreport[1]_S_06102013_02d0021.txt ; RKreport[2]_S_06102013_02d0023.txt

========================================================

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Remove -- Date : 06/10/2013 00:24:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_06102013_02d0024.txt >>
RKreport[1]_S_06102013_02d0021.txt ; RKreport[2]_S_06102013_02d0023.txt ; RKreport[3]_D_06102013_02d0024.txt

==========================================================

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Remove -- Date : 06/10/2013 00:26:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_06102013_02d0026.txt >>
RKreport[1]_S_06102013_02d0021.txt ; RKreport[3]_D_06102013_02d0024.txt ; RKreport[4]_D_06102013_02d0026.txt
===============================================

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/10/2013 00:32:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 132 / Fail 0
My documents: Success 5 / Fail 5
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 889 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1188 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume8 -- 0x2 --> Restored

Finished : << RKreport[5]_SC_06102013_02d0032.txt >>
RKreport[1]_S_06102013_02d0021.txt ; RKreport[2]_S_06102013_02d0023.txt ; RKreport[3]_D_06102013_02d0024.txt ; RKreport[4]_D_06102013_02d0026.txt ; RKreport[5]_SC_06102013_02d0032.txt

#5 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • Gender:Male

Posted 10 June 2013 - 12:10 AM

After further reviewing the first Security Check log I must mention that:

1) I thought I removed and disabled JAVA due to all the security concerns lately, but maybe not.

2) The Adobe Reader is "out of date" as I have been unable to get the program to update properly on installation. I use Secunia, and Avast AV now has a program checker.



#6 Robybel

Robybel

    Bleepin' Mattley

  • Malware Response Team
  • 179 posts
  • Gender:Male

Posted 10 June 2013 - 10:56 PM

Hi pandabird :)

Good job :)


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#7 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • Gender:Male

Posted 11 June 2013 - 12:46 AM

I downloaded Combofix to my desktop per instructions. I disabled my Avast antivirus permanently and turned off the file and web protection for Malwarebytes per the instructions. I DID NOT turn off my firewall though; it is a bit vague how I will still be protected if I do, unless I can disconnect my computer physically from the internet when running Combofix. [This needs to be clarified in the instructions]

I ran the Combofix and looked through the log, which I am pasting below for your evaluation. I must note that I did a "TEST" restore from my external drive 1-2 weeks ago and ended up with a long list of files with no subfolders in [C:\Restored folder 5-23-2013]; somehow I need to delete this folder. {Now I know what not to do when running the restore}

Thank you for your assistance.

ComboFix 13-06-08.02 - OWNER 06/11/2013   1:05.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.4118 [GMT -4:00]
Running from: c:\users\OWNER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll
c:\users\OWNER\GoToAssistDownloadHelper.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 05:13 . 2013-06-11 05:13    --------    d-----w-    c:\users\USER 1\AppData\Local\temp
2013-06-11 05:13 . 2013-06-11 05:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-10 04:15 . 2013-06-10 04:15    --------    d-----w-    c:\windows\ERUNT
2013-06-10 04:14 . 2013-06-10 04:14    --------    d-----w-    C:\JRT
2013-06-07 15:36 . 2013-06-07 15:36    260    ----a-w-    c:\windows\SysWow64\cmdVBS.vbs
2013-06-07 15:36 . 2013-06-07 15:36    256    ----a-w-    c:\windows\SysWow64\MSIevent.bat
2013-06-07 15:35 . 2013-06-07 16:29    --------    d-----w-    c:\users\OWNER\AppData\Local\SupportSoft
2013-06-07 15:35 . 2013-06-07 16:29    --------    d-----w-    c:\program files (x86)\Verizon
2013-05-23 17:09 . 2013-05-31 17:51    --------    d-----w-    C:\Restored folder 5-23-2013
2013-05-22 16:07 . 2013-05-22 16:07    --------    d-----w-    c:\programdata\PC-Doctor for Windows
2013-05-22 16:06 . 2013-06-04 04:54    --------    d-----w-    c:\program files\My Dell
2013-05-20 08:57 . 2013-05-20 08:57    --------    d-----w-    c:\program files\iPod
2013-05-20 08:57 . 2013-05-20 08:57    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 08:57 . 2013-05-20 08:57    --------    d-----w-    c:\program files\iTunes
2013-05-17 05:24 . 2013-05-17 05:29    --------    d-----w-    c:\programdata\SystemExplorer
2013-05-16 08:31 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-16 08:31 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 08:31 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-16 01:33 . 2013-05-26 05:50    --------    d-----w-    c:\program files\Paint.NET
2013-05-16 01:33 . 2013-05-17 05:31    --------    d-----w-    c:\users\OWNER\AppData\Local\Paint.NET
2013-05-15 09:57 . 2013-05-17 06:08    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-05-15 08:44 . 2013-05-15 08:44    --------    d-----w-    c:\users\OWNER\AppData\Roaming\VSRevoGroup
2013-05-15 03:09 . 2013-05-28 01:19    --------    d-----w-    C:\Stinger_Quarantine
2013-05-15 03:08 . 2013-05-28 06:39    --------    d-----w-    c:\program files\stinger
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-25 18:23 . 2012-07-27 05:18    74703    ----a-w-    c:\windows\SysWow64\mfc45.dat
2013-05-25 04:45 . 2010-07-09 14:22    388096    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-17 22:59 . 2012-03-31 02:34    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 22:59 . 2011-06-06 08:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 19:07 . 2011-06-06 03:42    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-09 12:41 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-05-02 13:25    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-02 13:25    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-02 13:25    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-02 13:25    378432    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-05-02 13:25    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-05-02 13:25    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-05-02 13:25    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-05-02 13:25    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-08-31 22:22    22600    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:58 . 2013-05-02 13:24    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-12-02 06:10    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-02 06:06 . 2013-03-14 21:01    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 17:24    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:24    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:24    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:24    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:24    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:24    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:28    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-06-06 08:42    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-04 09:36 . 2012-06-15 05:48    866720    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-04-04 09:35 . 2011-03-31 19:52    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-03-26 21:40 . 2011-12-01 16:55    222232    ----a-w-    c:\windows\system32\drivers\keyscrambler.sys
2013-03-19 06:04 . 2013-04-10 18:23    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 18:23    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 18:23    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:23    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 18:23    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 18:23    112640    ----a-w-    c:\windows\system32\smss.exe
2011-01-18 08:53 . 2011-01-18 08:53    2994688    ------w-    c:\program files (x86)\openofficeorg33.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\USER 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenDNSCrypt.lnk - c:\windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe [2013-6-7 4710]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0Secunia PSI Tray\0\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [x]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe;c:\program files\DebugDiag\DbgSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 18:51    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2013-01-23 772712]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2013-01-23 150264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - ExtSQL: 2013-05-02 09:25; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-94726861.sys
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-11  01:24:05
ComboFix-quarantined-files.txt  2013-06-11 05:24
ComboFix2.txt  2012-04-20 19:30
.
Pre-Run: 728,355,655,680 bytes free
Post-Run: 728,262,168,576 bytes free
.
- - End Of File - - 23A069A62C209C8CE78E1AB700628523
D41D8CD98F00B204E9800998ECF8427E

#8 Robybel (Bleepin' Mattley, Malware Response Team, 179 posts)

Posted 11 June 2013 - 08:33 PM

Hi Pandabird

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

    ClearJavaCache

    Folder::
    C:\Restored folder 5-23-2013

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[image: CFScriptB-4.gif]

next
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png
On your next reply please post:
  • Combofix log after fix
  • MBAM log
  • ESET Report
  • Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!

Edited by Robybel, 11 June 2013 - 08:34 PM.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation


#9 pandabird (Topic Starter, Members, 169 posts)

Posted 12 June 2013 - 03:41 AM

I need help! I have been running the Combofix for at least 3-4 hours to delete the c: Restored folder 5-23-2013 and it is still going.
What should I do?

#10 pandabird (Topic Starter, Members, 169 posts)

Posted 12 June 2013 - 03:43 AM

The file is 79 GB.

Sent from other computer.

#11 pandabird (Topic Starter, Members, 169 posts)

Posted 13 June 2013 - 07:51 AM

I ran the Malwarebytes Anti-Malware scanner but there were no infections. (This was run as a FULL scan instead of the Quick scan). There was NO log option for this run. I went to my "Programs (x86)/ ESET" folder and copied the log file from there. The log file that I am including shows my last two previous runs in which MBAM found some infections. I manually deleted the files from Restored folder (we just deleted this in the fix) and the "C:\Users\OWNER\Desktop\Installation files\duplicate-file-finder-setup.exe". [I am not sure if the "Ask-Toolbar" finding is really bad but it is probably a PUP obtained from downloading a desired utility from another computer advice reputable site -trained to give advice in combofix]

 

 

Also, the ESET scan was run by clicking "Run as Administrator" per your instructions. No infection was found; all items were checked to be scanned and removed if found (ie. inside archives, I PUP). I turned OFF my Malwarebytes protections and my Avast antivirus prior to the run.

 

I am pasting the logs for both below. I await your further instructions.

==========================================
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OWNER :: OWNER-PC [administrator]

Protection: Enabled

6/13/2013 3:56:54 AM
mbam-log-2013-06-13 (03-56-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 541927
Time elapsed: 1 hour(s), 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

======================================

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=13833
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-15 10:18:00
# local_time=2013-05-15 06:18:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 94 0 144404952 0 0
# compatibility_mode=5893 16776574 66 85 60286132 120156530 0 0
# scanned=138490
# found=1
# cleaned=0
# scan_time=5288
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\OWNER\Desktop\Installation files\duplicate-file-finder-setup.exe"

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=13941
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-29 09:15:57
# local_time=2013-05-29 05:15:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 145610829 0 0
# compatibility_mode=5893 16776574 66 85 61492009 121362407 0 0
# scanned=412114
# found=2
# cleaned=2
# scan_time=11327
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Restored folder 5-23-2013\duplicate-file-finder-setup.exe"
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\OWNER\Desktop\Installation files\duplicate-file-finder-setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14061
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-13 11:57:07
# local_time=2013-06-13 07:57:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1161209 146916499 0 0
# compatibility_mode=5893 16776573 100 94 0 122668077 0 0
# scanned=311386
# found=0
# cleaned=0
# scan_time=8549

#12 Robybel (Bleepin' Mattley, Malware Response Team, 179 posts)

Posted 13 June 2013 - 09:25 AM

Hi pandabird :)

Very good job

Let's do a final sweep for any leftovers


Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


#13 pandabird (Topic Starter, Members, 169 posts)

Posted 15 June 2013 - 10:05 PM

I ran the OTL scan per your instructions. The logs are pasted below.
[I must note that I am using a Lexmark printer and previously used a HP printer, for which I have kept connections.  I still may periodically use the HP printer (for however long possible) as it is Legal size and has a feeder too. The HP printer is not usually connected to my computer, however]

 

OTL logfile created on: 6/15/2013 4:42:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OWNER\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.85 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 63.25% Memory free
11.70 Gb Paging File | 9.38 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 732.21 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\OWNER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe (OpenDNS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Windows\SysWOW64\lxeasmr.dll ()
MOD - C:\Windows\SysWOW64\lxeasm.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (DbgSvc) -- C:\Program Files\DebugDiag\DbgSvc.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DNSCrypt) -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe ()
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe ()
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (lxeaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV - (lxea_device) -- C:\Windows\SysWOW64\lxeacoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,StartPage = http://www.optonline.net
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {842D5A90-AE7A-4DAC-8D33-6459306E8528}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{842D5A90-AE7A-4DAC-8D33-6459306E8528}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/31 16:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/31 16:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/31 16:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/12 02:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/31 13:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/30 01:19:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/30 01:19:58 | 000,000,000 | ---D | M]
 
[2011/06/06 01:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Extensions
[2010/08/19 23:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/06/10 00:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions
[2011/06/06 01:56:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/06/06 01:56:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2013/05/16 21:57:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/29 00:01:04 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/06/06 01:57:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/06/06 01:57:04 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2012/03/11 19:22:39 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\googlesharing@extension.thoughtcrime.org
[2011/06/06 01:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\nostmp
[2013/05/23 01:50:52 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\optout@dubfire.net
[2011/06/06 01:56:41 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\support@ancestry(2).com
[2011/06/06 01:56:41 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\support@ancestry.com
[2012/11/27 12:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/11/27 12:46:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2012/11/27 12:46:59 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2012/11/27 12:46:53 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\googlesharing@extension.thoughtcrime.org
[2012/11/27 12:46:53 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\keyscrambler@qfx.software.corporation
[2012/11/27 12:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\nostmp
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\optout@dubfire.net
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\support@ancestry(2).com
[2012/11/27 12:46:57 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\support@ancestry.com
[2012/03/11 19:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2012/03/11 19:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\googlesharing@extension.thoughtcrime.org\components
[2012/03/11 19:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2012/11/27 12:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\googlesharing@extension.thoughtcrime.org\chrome
[2012/11/27 12:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\googlesharing@extension.thoughtcrime.org\components
[2012/11/27 12:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\googlesharing@extension.thoughtcrime.org\defaults
[2011/06/06 01:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\extensions
[2011/06/06 01:57:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012/05/11 18:44:27 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\longurlplease@darragh.curran.xpi
[2013/02/18 21:53:54 | 000,155,983 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\socialfixer@mattkruse.com.xpi
[2013/03/29 09:03:16 | 000,344,740 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013/05/25 01:00:10 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/15 04:56:24 | 000,453,334 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
[2011/12/29 20:25:06 | 001,032,326 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi
[2013/05/08 22:43:08 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/21 13:04:22 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/05/24 02:27:38 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/05/11 18:44:27 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\longurlplease@darragh.curran.xpi
[2012/11/22 14:45:05 | 000,160,217 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\socialfixer@mattkruse.com.xpi
[2012/09/19 20:24:56 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2012/11/23 02:27:53 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/22 17:15:28 | 000,345,047 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
[2011/12/29 20:25:06 | 001,032,326 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi
[2012/11/24 01:57:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/21 13:04:22 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/11/20 02:36:03 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions - Copy\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/31 13:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/31 13:35:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll
CHR - plugin: Abacast v1.63 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAbacheck.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Last.fm free music player = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: avast! Online Security = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0\
CHR - Extension: Skype Click to Call = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\
CHR - Extension: Gmail = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/12 08:18:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15:64bit: - ..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemydsl] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemyfios] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemyhsi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemywifi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([wbadownload] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A}: NameServer = 208.67.220.220,208.67.222.222
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Secunia PSI Tray)
O34 - HKLM BootExecute: ()
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/15 16:27:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
[2013/06/15 16:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/06/13 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\Rk photos w Allens cK etc
[2013/06/13 12:10:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\rk wEDDING PICS
[2013/06/13 12:01:07 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\dOUGS PICS JUNE 2013
[2013/06/13 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\WEDDING PHOTOS
[2013/06/13 10:36:32 | 089,111,376 | ---- | C] (Apple Inc.) -- C:\Users\OWNER\Desktop\iTunesSetup.exe
[2013/06/13 03:17:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/13 03:17:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/13 03:17:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/13 03:17:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/13 03:17:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/13 03:17:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 03:17:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/13 03:17:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/13 03:17:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/13 03:17:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/13 03:17:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/13 03:17:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 03:17:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 03:17:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/13 03:17:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/12 14:18:40 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 14:18:40 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 14:18:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 14:18:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 14:18:38 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 14:18:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 14:18:35 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 14:18:35 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 14:18:35 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 14:18:34 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 14:18:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 14:18:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 14:18:27 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/12 14:12:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/12 08:21:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/12 08:21:06 | 000,000,000 | ---D | C] -- C:\Users\LocalService\AppData\Local\temp
[2013/06/11 01:04:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/11 01:04:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/11 01:04:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/11 01:04:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/11 00:24:15 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\OWNER\Desktop\ComboFix.exe
[2013/06/10 00:15:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/10 00:14:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/08 00:46:09 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\Verizon
[2013/06/07 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Local\SupportSoft
[2013/06/07 11:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2013/06/04 09:15:02 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/06/04 09:15:00 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/06/01 12:46:29 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\Cambridge usb
[2013/05/31 13:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/30 01:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/26 02:20:51 | 000,510,464 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXEAwupd.dll
[2013/05/26 02:20:51 | 000,295,592 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXEAwupd.exe
[2013/05/26 02:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2013/05/26 02:20:36 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxealnks.dll
[2013/05/26 02:20:30 | 000,086,186 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXEAcfg.dll
[2013/05/26 02:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark S300-S400 Series
[2013/05/26 02:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2013/05/26 02:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2013/05/26 02:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series
[2013/05/26 00:42:49 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Documents\ProcAlyzer Dumps
[2013/05/25 23:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/22 12:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/05/22 12:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/05/20 04:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 04:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 04:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 04:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 04:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/19 00:31:27 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\ProcessMonitor
[2013/05/19 00:02:11 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\ProcessExplorer
[2013/05/17 23:37:35 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\ORDERS- receipts
[2013/05/17 01:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2013/05/17 01:17:20 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Desktop\System check -printer problem
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/15 16:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Desktop\OTL.exe
[2013/06/15 16:03:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 16:03:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 15:55:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/06/15 15:55:45 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 15:55:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 15:55:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/06/15 15:55:20 | 417,677,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 01:51:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/13 12:52:32 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/13 12:52:32 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/13 12:52:32 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/13 10:36:34 | 089,111,376 | ---- | M] (Apple Inc.) -- C:\Users\OWNER\Desktop\iTunesSetup.exe
[2013/06/13 03:38:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/13 03:38:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/12 08:18:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/11 00:24:16 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\OWNER\Desktop\ComboFix.exe
[2013/06/10 21:48:04 | 006,156,893 | ---- | M] () -- C:\Users\OWNER\Desktop\BOSTON Max Brenner Chocolate menu.pdf
[2013/06/07 12:28:13 | 000,002,613 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenDNSCrypt.lnk
[2013/06/07 11:36:55 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2013/06/07 11:36:55 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2013/06/07 11:36:39 | 000,001,459 | ---- | M] () -- C:\Users\OWNER\Desktop\Verizon Message Center.lnk
[2013/06/07 08:40:40 | 000,005,200 | ---- | M] () -- C:\Users\OWNER\Desktop\mail.html
[2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/05/30 23:47:33 | 001,160,893 | ---- | M] () -- C:\Users\OWNER\Desktop\ProcessExplorer.zip
[2013/05/30 22:43:47 | 000,036,010 | ---- | M] () -- C:\Users\OWNER\Desktop\MTA Train Schedule-Southeast to Grand Central 11AM-4pm.pdf
[2013/05/30 01:21:38 | 019,456,000 | ---- | M] () -- C:\Users\OWNER\Desktop\AdbeRdrUpd1017.msp
[2013/05/30 01:17:44 | 041,559,552 | ---- | M] () -- C:\Users\OWNER\Desktop\QuickTime_7.7.4_SPS.exe
[2013/05/30 01:15:09 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/26 02:32:35 | 078,038,296 | ---- | M] () -- C:\Users\OWNER\Desktop\LEXMARK_S300_wcr_64_en.exe
[2013/05/26 02:20:56 | 000,212,262 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2013/05/26 02:20:47 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2013/05/25 23:52:34 | 000,127,984 | ---- | M] () -- C:\Users\OWNER\Desktop\windowsupdate.diagcab
[2013/05/25 14:23:09 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/22 19:01:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/20 04:57:36 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/20 04:52:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/20 04:51:43 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/17 15:45:13 | 000,007,601 | ---- | M] () -- C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
[2013/05/16 23:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/16 23:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/16 23:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/16 22:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/16 22:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/16 22:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/16 22:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/16 22:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/16 22:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 18:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/16 18:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/16 18:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/16 18:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 18:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/16 18:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 17:44:51 | 000,000,765 | ---- | M] () -- C:\Users\OWNER\Desktop\Tor.lnk
 
========== Files Created - No Company Name ==========
 
[2013/06/11 01:04:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 01:04:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 01:04:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 01:04:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 01:04:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/10 21:48:02 | 006,156,893 | ---- | C] () -- C:\Users\OWNER\Desktop\BOSTON Max Brenner Chocolate menu.pdf
[2013/06/07 11:36:55 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2013/06/07 11:36:55 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
[2013/06/07 11:36:39 | 000,001,459 | ---- | C] () -- C:\Users\OWNER\Desktop\Verizon Message Center.lnk
[2013/06/07 08:40:39 | 000,005,200 | ---- | C] () -- C:\Users\OWNER\Desktop\mail.html
[2013/05/30 23:47:32 | 001,160,893 | ---- | C] () -- C:\Users\OWNER\Desktop\ProcessExplorer.zip
[2013/05/30 22:43:47 | 000,036,010 | ---- | C] () -- C:\Users\OWNER\Desktop\MTA Train Schedule-Southeast to Grand Central 11AM-4pm.pdf
[2013/05/30 01:17:39 | 019,456,000 | ---- | C] () -- C:\Users\OWNER\Desktop\AdbeRdrUpd1017.msp
[2013/05/30 01:17:19 | 041,559,552 | ---- | C] () -- C:\Users\OWNER\Desktop\QuickTime_7.7.4_SPS.exe
[2013/05/30 01:15:09 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/30 01:15:09 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/26 02:27:31 | 078,038,296 | ---- | C] () -- C:\Users\OWNER\Desktop\LEXMARK_S300_wcr_64_en.exe
[2013/05/26 02:20:47 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2013/05/26 02:20:36 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2013/05/26 02:20:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2013/05/26 02:20:36 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2013/05/26 02:20:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2013/05/26 02:20:36 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2013/05/26 02:20:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2013/05/26 02:20:36 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2013/05/26 02:20:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2013/05/26 02:20:36 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2013/05/26 02:20:36 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2013/05/26 02:20:36 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2013/05/26 02:20:36 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2013/05/26 02:20:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2013/05/26 02:20:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2013/05/26 02:20:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2013/05/26 02:20:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2013/05/26 02:20:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2013/05/26 02:20:36 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2013/05/26 02:20:36 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2013/05/26 02:20:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2013/05/26 02:20:30 | 000,495,616 | ---- | C] () -- C:\Windows\SysNative\LXEAinst.dll
[2013/05/26 02:20:30 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2013/05/26 02:20:30 | 000,002,106 | ---- | C] () -- C:\Windows\SysWow64\lxea.loc
[2013/05/26 02:20:29 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxeacomm.dll
[2013/05/26 02:06:19 | 000,212,262 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2013/05/25 23:52:32 | 000,127,984 | ---- | C] () -- C:\Users\OWNER\Desktop\windowsupdate.diagcab
[2013/05/20 04:57:36 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/20 04:51:43 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/16 17:44:51 | 000,000,765 | ---- | C] () -- C:\Users\OWNER\Desktop\Tor.lnk
[2012/07/27 01:18:40 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/05/21 12:03:36 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/21 12:03:36 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/12 00:02:52 | 000,224,616 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/04/24 20:48:27 | 001,948,984 | ---- | C] () -- C:\Users\OWNER\Problem_20110623_2210.zip
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/13 18:15:06 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADEQ32comc.dll
[2011/08/18 20:26:11 | 000,007,601 | ---- | C] () -- C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
[2011/08/14 21:29:24 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2011/01/18 01:16:00 | 014,474,516 | ---- | C] () -- C:\Users\OWNER\AppData\Local\IconCache (1).db
[2007/12/17 21:57:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/06/28 23:22:00 | 000,049,152 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/18 23:52:55 | 000,000,718 | ---- | C] () -- C:\Users\OWNER\AppData\Local\HipEnforceFrontend.settings
[2007/03/12 21:04:20 | 000,001,755 | ---- | C] () -- C:\ProgramData\QTSBandwidthCache
[2007/02/20 20:50:20 | 000,031,160 | ---- | C] () -- C:\Users\OWNER\AppData\Local\GDIPFONTCACHEV1 (1).DAT
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/13 00:09:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\.spotflux
[2013/06/15 16:37:16 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Abine
[2012/06/11 17:47:39 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Amazon
[2013/05/02 01:36:24 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Audacity
[2011/10/06 17:09:28 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Auslogics
[2011/06/06 01:55:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\bioPDF
[2011/06/06 01:55:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Bullzip
[2011/06/06 01:55:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\CallingID
[2011/06/06 01:55:16 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Canneverbe_Limited
[2011/06/06 01:55:16 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/06 01:55:17 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\ComcastToolbar
[2011/06/06 01:55:17 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Copy of Mozilla 052308
[2011/06/06 01:55:21 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\ElevatedDiagnostics
[2011/08/14 22:03:19 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\enchant
[2012/04/25 10:21:56 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\FileZilla
[2011/06/06 01:55:22 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\FTW
[2012/07/02 03:05:30 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\GARMIN
[2013/04/30 02:12:47 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\gnupg
[2012/02/26 16:29:10 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\ImgBurn
[2011/06/11 00:24:48 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\IrfanView
[2011/06/07 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\KeePass
[2011/06/05 22:26:14 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Leadertech
[2011/06/06 01:55:35 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Maxprog
[2011/06/06 01:57:08 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Musicmatch
[2011/06/06 01:57:09 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\OpenDNS Updater
[2011/06/06 01:57:09 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\OpenOffice.org
[2011/06/05 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\PCDr
[2011/12/01 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\QFX Software
[2011/06/06 01:57:10 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Simply Super Software
[2012/08/13 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\SystemRequirementsLab
[2011/06/06 01:57:35 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird
[2011/06/23 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Tific
[2013/05/15 04:44:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VSRevoGroup
[2012/06/07 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\webex
[2011/06/11 01:37:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1001FAES-75W7A0
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Lexmark USB Mass Storage USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 41943040
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 919.00GB
Starting Offset: 13193183232
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 656 bytes -> C:\Users\OWNER\Documents\Gutte Voch.eml:OECustomProperty
@Alternate Data Stream - 522 bytes -> C:\Users\OWNER\Documents\CERN & 2012 Doomsday Scenario.eml:OECustomProperty
@Alternate Data Stream - 2213 bytes -> C:\Users\OWNER\Documents\FW_ Fw_ The year 1955.eml:OECustomProperty
@Alternate Data Stream - 1965 bytes -> C:\Users\OWNER\Documents\FW_ Pit Stop.eml:OECustomProperty
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >
============================================================================

 

OTL Extras logfile created on: 6/15/2013 4:42:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OWNER\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.85 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 63.25% Memory free
11.70 Gb Paging File | 9.38 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 732.21 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03376973-3ABB-4153-A6F0-FAEC59809E41}" = rport=139 | protocol=6 | dir=out | app=system |
"{0C974175-6C5C-4705-8F07-FB49F2830CBA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{11D0266E-42EB-4BF2-9831-CBCAE3440619}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{230A1665-D652-4183-BF76-4090D7CFC1A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BCCCDB9-F6C5-4A66-A638-0F901C98F2EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E11259A-F6BD-4691-A8B1-0DDE0FE4FA85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E7FE4A8-0ED8-461F-9C91-6C018EF1E54E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40C52343-0C1F-4B14-9F87-5A75C0613BC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{4187D42C-D7EE-4000-8DCF-BB189F050C83}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C2FBEB5-9C34-4275-96A4-E2E4169FD574}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4F006B5B-D951-4280-B079-BFEC5CBCBBB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{508395A8-395B-4C9D-9624-88E351D3EABC}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{608D9104-6D17-4766-B095-A1A7921D0DF9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64193F88-04C9-4285-B444-0E41AC31E182}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{671D9406-9300-415D-B646-D0E6457814DE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7A4E3A86-0D89-4A01-9CC7-E2550BEE4C76}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{8816A971-5C4A-4E52-B247-D17937C7BCBF}" = lport=137 | protocol=17 | dir=in | app=system |
"{961BDAC7-1119-4093-9268-DF7AC72332EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97CC558B-4459-4C84-97BC-90E5B2DF38D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A50720F-F180-4830-8233-CE31396CB3B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A8CB4A1-3A72-4F20-A9CF-E4AEFEBF8367}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A347DD97-0B5B-48F3-8591-1873B7C42CCB}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{AB2F9917-FCB6-4A71-BFDA-51142FB593EF}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{ADBBA7FF-2433-4A33-9DA0-10469347BC45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B48C98EE-F036-49CF-9225-3C011BAA25C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB316833-0AA6-46E4-A4AA-09817F5E6D7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C441BA22-5FEE-4477-9D1B-F4E9A92A8DB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0975594-D626-42A3-8936-1DA787177AC8}" = rport=445 | protocol=6 | dir=out | app=system |
"{D82E0537-E402-4315-89B1-944E4DB2C035}" = lport=445 | protocol=6 | dir=in | app=system |
"{E42CE7C8-4A24-4E8F-857B-928125D41A51}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5CC91C7-695D-4ECC-9CD2-8207395B5BBF}" = lport=137 | protocol=6 | dir=out | name=port 137 tcp blocking |
"{FDD7FD49-BE6B-4BBA-AA3C-18723E1D497C}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013AF816-4988-4DD9-9DCE-5E3860845677}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeawbgw.exe |
"{041F7947-4F35-467C-81AE-39B0AE8E2492}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{08663248-F5F6-4AD4-AC7A-1BD9908B4A68}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeawbgw.exe |
"{093CBE98-77E6-4D93-81C5-02152E5D015E}" = protocol=6 | dir=in | app=c:\program files (x86)\opendns\dnscrypt\opendnsinterface.exe |
"{0C2BA1B4-C1B9-4225-8E3D-4239DD8F0A67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CFFCC65-57AF-4AF1-B70B-449B7ACD2DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0D6FEE1E-D379-4A37-84DC-146477997DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\opendns updater\opendnsupdater.exe |
"{0EAFA968-E65C-46DE-A499-12DEA9B9DAAD}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeawbgw.exe |
"{0ECD2443-07DD-4839-960E-81D5057E9590}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10765B8F-1D21-468E-8FB4-2C2B6EEC7CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\opendns\dnscrypt\opendnscryptservice.exe |
"{124FCDDE-84BF-48C5-862C-27C31683AAE3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{29E5DC56-3687-460E-B97C-28EE23C60EFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BBEC989-014B-4C57-A30B-F08F4537E89A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeamon.exe |
"{3055EDDB-12E5-46CD-82AE-09A67D8E50A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32C0DC6E-E14C-44BC-8A28-937D705D0C58}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{343188B9-2D25-4E8F-ACA7-48C140E6CCEB}" = protocol=6 | dir=out | app=system |
"{3843A0F3-7D69-4AB4-88C5-F8ED5367A893}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeawbgw.exe |
"{397CEB7A-CB51-4DCE-B9FA-BC8F835C23C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A60AA9A-F446-4252-82ED-BA390B683235}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{492AF9FA-7712-476B-A8E1-841A31617198}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"{5051BC1E-8C01-4BF7-836F-0FB442E14E3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59782060-F874-4413-BA4B-B99FCF71773E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B3C5BE3-8DAB-418B-B8FA-59D6004C45F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F935C66-B525-491A-BF23-6CEB6F322802}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5FB01242-2076-4266-9BC6-6E4EE870369F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{608DC451-0E2C-44D9-B7E7-4024166357B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{624F2492-31C5-4A77-B5B4-D26E87D0DEED}" = protocol=17 | dir=in | app=c:\program files (x86)\opendns updater\opendnsupdater.exe |
"{6B0D08E5-9E66-4E78-9896-E3A87EED0D8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7703C7D8-2658-4A72-ACEA-553A9E439CFD}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{7A97E165-C3D8-42B1-9535-F3CD38F41D53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EBC58C4-4DD0-430E-8BE2-0911A3FEC216}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87E5E3EE-4F72-4762-80A7-D9C6A9166BF9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{886C9E6D-6143-448C-92A2-CD39C7A04D54}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{8CADD8BD-A52B-40F6-8067-DEC1188129CB}" = protocol=58 | dir=in | app=system |
"{8ECD3859-AF9D-480C-9630-58D1E6D0F188}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeamon.exe |
"{91CA4086-BA18-4B8B-8122-74E15266CC35}" = protocol=17 | dir=in | app=c:\program files (x86)\opendns\dnscrypt\opendnsinterface.exe |
"{9EE1694B-115B-41CC-AE04-A31B05F698EE}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeawbgw.exe |
"{A22C2D12-E79C-4C17-AF02-243C896F4529}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5BA87FE-F3AB-4E14-A002-B0B0C43F881E}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{ADE7EFAD-6532-424B-B7FF-43056C806570}" = protocol=17 | dir=in | app=c:\program files (x86)\opendns\dnscrypt\opendnscryptservice.exe |
"{B1B570A5-70E0-4753-9123-11C7EFA9D984}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B61D665F-9A71-44CF-B2F9-936552C69149}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B7F50424-6B22-4B40-8AE8-F432941C0DED}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C4F0AED6-4EAE-4F74-BBD0-294E079902B6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C52138BA-7089-4872-B194-1F2DD2E07B98}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeawbgw.exe |
"{CA8AA6AD-3D68-41E3-81DD-128EEC78CE9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB3F3E18-51D7-47F6-B1B4-57A9F8E1FE6C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1B4DF48-67F6-4BEB-85D5-C0449771EE57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5BFD323-4CA9-4882-B673-6E1DACA6A814}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{DEA289AA-A452-4F9E-8A5F-C38B509972F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E5358C50-CDCE-4C20-A49A-B5F42D04EC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9C31A54-B3BF-4D46-969F-6487325B344E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED7297D6-063F-412E-9F94-129E3AB8D32E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EF3C05BC-2A7A-44D9-A9D5-7CFEA37CE3C9}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeawbgw.exe |
"{F5632DEB-DE12-4824-B0D7-9B67458CCF9F}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FBEB8C4F-266C-49C0-A9A9-1EC924965116}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"TCP Query User{0EC6C533-8DC2-47BE-B3B9-463449C0BA34}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{1B979ABD-AE43-4AFC-8FDD-391ED6ABBF02}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{55C74CE2-8D35-4826-9C12-311482AC27C6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{A3BF8E8F-D83A-4FAB-AD9E-889158D9094B}C:\users\owner\desktop\tor\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\tor\tor browser\app\tor.exe |
"TCP Query User{AC1411D0-4C98-402E-AF05-10782CF4D3B8}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{E18C27CE-D3D6-4589-A98A-E0384AA6F758}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{1F2A477D-007F-4568-AEFD-340D4C4A241F}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{464344E1-6352-4334-BE07-B96533EF3870}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{6588774D-2FBA-49F4-94E5-534BBC88D734}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{7F4EE172-D69F-4D62-8196-AE55EF4C3E8F}C:\users\owner\desktop\tor\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\tor\tor browser\app\tor.exe |
"UDP Query User{DD675DB9-64B8-4A8E-A661-F5010875E7A2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F6CB62E4-CE05-4CBF-8E51-180BA5B72FEC}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00070886-D6C6-423C-B5A7-3298ABF20E11}" = pdfforge PDFArchitect 0.5.1.437
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5CABF2-B1F7-41ED-A86C-CE2F35B2C330}" = Debug Diagnostics 1.2
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DW WLAN Card" = DW WLAN Card
"HitmanPro37" = HitmanPro 3.7
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = My Dell
"Recuva" = Recuva
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D1B429E-A1BE-3C53-97EC-4E3036947B33}" = Google Chrome
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40D36ECF-FA05-4077-B836-C439CD0DDEF1}" = Vz In Home Agent
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A918DE8A-98C8-0950-0000-0000003C0020}" = Sanyo Katana DLX USB - Handset Manager V9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B559F2B9-E0BE-484C-A0E1-59C79B8C9325}" = Microsoft WorldWide Telescope
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B68E5C9D-FEFA-466D-A646-6A074DD156C9}" = Spotflux
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDD55F4F-4177-48CE-85BD-C6580471D404}" = TransferBigFiles Desktop Client
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE43210C-266E-4101-8FBC-04378D5E9D42}" = hp officejet 7100 series
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}" = HP Product Detection
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"Debut" = Debut Video Capture Software
"Dell Dock" = Dell Dock
"DjVuLibre+DjView" = DjVuLibre+DjView
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Family Tree Maker 2009" = Family Tree Maker 2009
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileZilla Client" = FileZilla Client 3.5.3
"GoToAssist" = GoToAssist Corporate
"GPG4Win" = Gpg4win (2.1.0)
"HP Photo Printing Software" = HP Photo Printing Software
"ImgBurn" = ImgBurn
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"KeePass Password Safe_is1" = KeePass Password Safe 1.19b
"KeyScrambler" = KeyScrambler
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PhotoPad" = PhotoPad Image Editor
"Picasa 3" = Picasa 3
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Security Task Manager" = Security Task Manager 1.8d
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"GoToMeeting" = GoToMeeting 5.1.0.880
"HuluDesktop" = Hulu Desktop
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/12/2013 8:13:48 AM | Computer Name = OWNER-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 6/12/2013 8:52:48 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 12:46:43 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 5:31:10 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\OWNER\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 5:31:10 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\OWNER\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 5:31:12 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\OWNER\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 8:18:03 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2013 8:18:05 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
 Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/14/2013 12:41:17 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/15/2013 12:31:24 AM | Computer Name = OWNER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Dell Events ]
Error - 6/19/2011 4:34:26 PM | Computer Name = OWNER-PC | Source = DataSafe | ID = 3
Description = Failed or cancelled
 
[ System Events ]
Error - 6/13/2013 3:52:20 AM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error:   %%1053
 
Error - 6/13/2013 3:54:38 AM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
 error:   %%126
 
Error - 6/14/2013 8:21:25 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
 service to connect.
 
Error - 6/14/2013 8:21:25 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error:   %%1053
 
Error - 6/14/2013 8:23:41 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
 error:   %%126
 
Error - 6/14/2013 8:25:42 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
Error - 6/14/2013 8:27:08 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Search service hung on starting.
 
Error - 6/15/2013 3:56:00 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
 service to connect.
 
Error - 6/15/2013 3:56:00 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error:   %%1053
 
Error - 6/15/2013 3:58:13 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
 error:   %%126
 
 
< End of report >
 



#14 pandabird

Posted 15 June 2013 - 11:20 PM

I must mention two concerns that need to be addressed:

 

1)  Rootkits found on further scanning

I did another scan with my Avast AV but I adjusted the setting to scan at maximum sensitivity heuristics and to scan with ALL packers (i.e. .zip, .cab, etc. archives). After doing this scan in NORMAL mode, 2 rootkits were found, which I then deleted (see pasted log below). I repeated the scan in SAFE mode and did an Avast BOOT SCAN but nothing was found.
I am still having the printer communication problem requiring me to reload those drivers after each reboot.

This seems like a malware problem with secondary damage etc. that may need to be fixed. It may be a good idea to do a good rootkit scan to be sure I am free of these.

======================
* avast! Scan Report
* This file is generated automatically
*
* Scan name: C: Drive only
* Started on: Sunday, May 19, 2013 11:34:00 PM
* VPS: 130519-1, 05/19/2013
*

C:\avast! sandbox\S-1-5-21-1955353798-2932276707-1562356408-1000\sfzone\C\Users\OWNER\AppData\Local\Temp\CRX_DF399A9B283A\ChromeRecovery.exe [L] Rootkit: hidden file (0)
C:\avast! sandbox\S-1-5-21-1955353798-2932276707-1562356408-1000\sfzone\C\Users\OWNER\AppData\Local\Temp\CRX_DF399A9B283A\GoogleUpdateSetup.exe [L] Rootkit: hidden file (0)

 

2) I was looking at my Malwarebytes Protection Logs (MBAM logs) and noticed that the Outbound Connection attempts stopped at a certain date. On 6-4-2013 I updated and installed a new MVPS HOSTS file. My MBAM logs of 6-6-2013 showed no more IP blocks. It is possible that the HOSTS file detected the outbound request and blocked it at a time earlier than that detected by Malwarebytes. Whether or not the malware/cause of this outbound IP request is still on my computer still needs to be determined.

On further look at this, I noticed today that the HOSTS file was only 1 KB, so I may not have installed the update properly this time, or it may have been modified somehow in the interim. I went back into the HOSTS file Properties and changed the Security back to allow me as [OWNER-PC\User] to edit the file in Notepad; I re-pasted the MVPS HOSTS file (559 KB) manually and then changed the Security settings back.

 

My HOSTS file Properties Security settings have:

System

Administrators (OWNER-PC\Administrators)

Users (OWNER-PC\Users)
 

Settings:

Full control

Modify

Read/Execute

Read

Write

Special Permissions

 

I cleared the Full Control, Modify, and Write permissions from the Users (OWNER-PC\Users) entry above. I should ask how my Security settings should best be configured here, as they may not be best. The System and Administrators entries allow Full Control etc.

 

Here are my MBAM Protection Logs for those days:

2013/06/05 00:00:05 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57843, Process: avastsvc.exe)
2013/06/05 00:00:05 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57845, Process: avastsvc.exe)
2013/06/05 00:00:13 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57850, Process: avastsvc.exe)
2013/06/05 00:00:13 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57851, Process: avastsvc.exe)
2013/06/05 00:00:37 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57857, Process: avastsvc.exe)
2013/06/05 00:00:37 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57859, Process: avastsvc.exe)
2013/06/05 00:01:01 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57870, Process: avastsvc.exe)
2013/06/05 00:01:01 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57872, Process: avastsvc.exe)
2013/06/05 00:01:01 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57877, Process: avastsvc.exe)
2013/06/05 00:01:01 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57878, Process: avastsvc.exe)
2013/06/05 00:01:09 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57882, Process: avastsvc.exe)
2013/06/05 00:01:09 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57883, Process: avastsvc.exe)
2013/06/05 00:01:09 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57886, Process: avastsvc.exe)
2013/06/05 00:01:09 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57887, Process: avastsvc.exe)
2013/06/05 00:01:17 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57891, Process: avastsvc.exe)
2013/06/05 00:01:17 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57892, Process: avastsvc.exe)
2013/06/05 00:01:17 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57896, Process: avastsvc.exe)
2013/06/05 00:01:17 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57897, Process: avastsvc.exe)
2013/06/05 00:01:25 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57902, Process: avastsvc.exe)
2013/06/05 00:01:25 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57903, Process: avastsvc.exe)
2013/06/05 00:01:25 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57907, Process: avastsvc.exe)
2013/06/05 00:01:25 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57908, Process: avastsvc.exe)
2013/06/05 00:03:41 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57916, Process: avastsvc.exe)
2013/06/05 00:03:41 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57917, Process: avastsvc.exe)
2013/06/05 00:03:49 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57923, Process: avastsvc.exe)
2013/06/05 00:03:49 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57924, Process: avastsvc.exe)
2013/06/05 00:03:57 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57929, Process: avastsvc.exe)
2013/06/05 00:03:57 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57930, Process: avastsvc.exe)
2013/06/05 00:07:50 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57949, Process: avastsvc.exe)
2013/06/05 00:07:50 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57950, Process: avastsvc.exe)
2013/06/05 00:09:02 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57961, Process: avastsvc.exe)
2013/06/05 00:09:02 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 57962, Process: avastsvc.exe)
2013/06/05 00:09:50 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 58083, Process: avastsvc.exe)
2013/06/05 00:09:50 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 58084, Process: avastsvc.exe)
2013/06/05 00:10:22 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 58192, Process: avastsvc.exe)
2013/06/05 00:10:22 -0400    OWNER-PC    OWNER    IP-BLOCK    46.229.165.2 (Type: outgoing, Port: 58194, Process: avastsvc.exe)
2013/06/05 00:11:17 -0400    OWNER-PC    OWNER    MESSAGE    Starting database refresh
2013/06/05 00:11:17 -0400    OWNER-PC    OWNER    MESSAGE    Stopping IP protection
2013/06/05 00:11:17 -0400    OWNER-PC    OWNER    MESSAGE    IP Protection stopped successfully
2013/06/05 00:11:19 -0400    OWNER-PC    OWNER    MESSAGE    Database refreshed successfully
2013/06/05 00:11:19 -0400    OWNER-PC    OWNER    MESSAGE    Starting IP protection
2013/06/05 00:11:20 -0400    OWNER-PC    OWNER    MESSAGE    IP Protection started successfully
2013/06/05 16:02:27 -0400    OWNER-PC    (null)    MESSAGE    Starting protection
2013/06/05 16:02:27 -0400    OWNER-PC    (null)    MESSAGE    Protection started successfully
2013/06/05 16:02:27 -0400    OWNER-PC    (null)    MESSAGE    Starting IP protection
2013/06/05 16:02:28 -0400    OWNER-PC    (null)    MESSAGE    IP Protection started successfully

 

=======================

 

2013/06/06 09:47:40 -0400    OWNER-PC    (null)    MESSAGE    Starting protection
2013/06/06 09:47:40 -0400    OWNER-PC    (null)    MESSAGE    Protection started successfully
2013/06/06 09:47:40 -0400    OWNER-PC    (null)    MESSAGE    Starting IP protection
2013/06/06 09:47:42 -0400    OWNER-PC    (null)    MESSAGE    IP Protection started successfully
2013/06/06 13:25:54 -0400    OWNER-PC    (null)    MESSAGE    Starting protection
2013/06/06 13:25:59 -0400    OWNER-PC    (null)    MESSAGE    Protection started successfully
2013/06/06 13:25:59 -0400    OWNER-PC    (null)    MESSAGE    Starting IP protection
2013/06/06 13:26:00 -0400    OWNER-PC    (null)    MESSAGE    IP Protection started successfully
2013/06/06 23:05:36 -0400    OWNER-PC    OWNER    MESSAGE    Executing scheduled update:  Daily | Silent
2013/06/06 23:05:53 -0400    OWNER-PC    OWNER    MESSAGE    Starting database refresh
2013/06/06 23:05:53 -0400    OWNER-PC    OWNER    MESSAGE    Stopping IP protection
2013/06/06 23:05:53 -0400    OWNER-PC    OWNER    MESSAGE    IP Protection stopped successfully
2013/06/06 23:05:53 -0400    OWNER-PC    OWNER    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.06.05.01 to version v2013.06.06.09
2013/06/06 23:05:55 -0400    OWNER-PC    OWNER    MESSAGE    Database refreshed successfully
2013/06/06 23:05:55 -0400    OWNER-PC    OWNER    MESSAGE    Starting IP protection
2013/06/06 23:05:57 -0400    OWNER-PC    OWNER    MESSAGE    IP Protection started successfully
2013/06/06 23:20:00 -0400    OWNER-PC    OWNER    MESSAGE    Executing scheduled scan:  Full Scan | Weekly
2013/06/06 23:20:00 -0400    OWNER-PC    OWNER    MESSAGE    Scheduled scan executed successfully

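The protection log quoted above is what an analyst would summarise first: which process was blocked, to which destination, how many times, and whether the blocks stopped because the attempts stopped or because IP protection was simply off that day. The parser below is an added example, not code from the post or from Malwarebytes; the sample lines are constructed to match the MBAM 1.x layout shown (fields separated by tabs or runs of spaces).

```python
import re
from datetime import datetime

# Constructed sample in the MBAM 1.x protection-log layout quoted in the post:
# timestamp, computer, user, event type, detail (tab- or multi-space separated).
SAMPLE_LOG = """\
2013/06/05 00:00:05 -0400\tOWNER-PC\tOWNER\tIP-BLOCK\t46.229.165.2 (Type: outgoing, Port: 57843, Process: avastsvc.exe)
2013/06/05 00:00:05 -0400\tOWNER-PC\tOWNER\tIP-BLOCK\t46.229.165.2 (Type: outgoing, Port: 57845, Process: avastsvc.exe)
2013/06/05 00:10:22 -0400\tOWNER-PC\tOWNER\tIP-BLOCK\t46.229.165.2 (Type: outgoing, Port: 58194, Process: avastsvc.exe)
2013/06/05 00:11:17 -0400\tOWNER-PC\tOWNER\tMESSAGE\tStarting database refresh
2013/06/05 16:02:27 -0400\tOWNER-PC\t(null)\tMESSAGE\tIP Protection started successfully
2013/06/06 09:47:42 -0400\tOWNER-PC\t(null)\tMESSAGE\tIP Protection started successfully
2013/06/06 23:05:53 -0400\tOWNER-PC\tOWNER\tMESSAGE\tScheduled update executed successfully:  database updated from version v2013.06.05.01 to version v2013.06.06.09
"""

# A field boundary is a tab or two-or-more spaces; the timestamp itself only has single spaces.
FIELD_SPLIT = re.compile(r"\t|\s{2,}")
BLOCK_DETAIL = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)"
)


def parse_line(line):
    """Return a dict for one protection-log line, or None for blank/unparseable lines."""
    line = line.strip()
    if not line:
        return None
    # maxsplit=4 keeps double spaces inside the detail field (e.g. "update:  Daily") intact
    parts = FIELD_SPLIT.split(line, maxsplit=4)
    if len(parts) != 5:
        return None
    stamp, computer, user, kind, detail = parts
    try:
        when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S %z")
    except ValueError:
        return None
    event = {"when": when, "computer": computer, "user": user, "kind": kind, "detail": detail}
    if kind == "IP-BLOCK":
        m = BLOCK_DETAIL.search(detail)
        if not m:
            return None
        event.update(m.groupdict())
        event["port"] = int(event["port"])
    return event


def summarize_blocks(lines):
    """Group IP-BLOCK events by (process, destination, direction): count, source ports, first/last time."""
    summary = {}
    for event in filter(None, map(parse_line, lines)):
        if event["kind"] != "IP-BLOCK":
            continue
        key = (event["process"].lower(), event["ip"], event["direction"])
        entry = summary.setdefault(
            key, {"count": 0, "ports": set(), "first": event["when"], "last": event["when"]}
        )
        entry["count"] += 1
        entry["ports"].add(event["port"])
        entry["first"] = min(entry["first"], event["when"])
        entry["last"] = max(entry["last"], event["when"])
    return summary


def quiet_days(lines):
    """Days on which IP protection reported itself started but logged no IP-BLOCK.

    Separates 'the connection attempts stopped' from 'the blocker was off',
    which is the question the 6/5 vs 6/6 logs raise.
    """
    active, blocked = set(), set()
    for event in filter(None, map(parse_line, lines)):
        day = event["when"].date().isoformat()
        if event["kind"] == "IP-BLOCK":
            blocked.add(day)
        elif event["kind"] == "MESSAGE" and "IP Protection started" in event["detail"]:
            active.add(day)
    return sorted(active - blocked)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (proc, ip, direction), e in summarize_blocks(lines).items():
        print(f"{proc} -> {ip} ({direction}): {e['count']} blocks, "
              f"source ports {sorted(e['ports'])}, {e['first']} .. {e['last']}")
    print("IP protection up but nothing blocked on:", quiet_days(lines))
```

A rising sequence of ephemeral source ports against one destination, as in the sample, is a single process retrying rather than many processes; the process name alone does not settle whether the binary is genuine, so the next step is checking the on-disk file that name resolves to.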

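The HOSTS-file concern above (a 1 KB file where a 559 KB blocklist was expected, and the worry that it was modified in the interim) can be checked mechanically: count the mappings, flag any hostname pointed at a routable address rather than a blackhole, and flag security-vendor or update hosts that a blocklist should never blackhole. This is an added example, not code from the post; the sample content, the protected-domain list and the minimum-entry threshold are constructed assumptions.

```python
NULL_OR_LOOPBACK = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumption (constructed list, not from the post): hosts a blocklist-style HOSTS
# file has no business blackholing; cutting off AV signature and OS updates is a
# classic sign of tampering.
PROTECTED_DOMAINS = ("avast.com", "malwarebytes.org", "microsoft.com", "windowsupdate.com")

# Constructed sample HOSTS content with two planted problems for the audit to find.
SAMPLE_HOSTS = """\
# MVPS-style blocklist header comment
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net
0.0.0.0     ads.adserver.test       # ordinary blackhole entry
198.51.100.7  www.mybank.test       # planted: redirect to a real address
0.0.0.0     update.avast.com        # planted: vendor update host blackholed
"""


def parse_hosts(text):
    """Return (line_number, ip, hostname) for every mapping in a HOSTS file body."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing and whole-line comments
        parts = line.split()
        if len(parts) < 2:
            continue                              # blank, comment-only or malformed line
        ip, *names = parts
        for name in names:                        # one IP may carry several hostnames
            entries.append((lineno, ip, name.lower()))
    return entries


def _is_protected(name):
    """True if name is one of PROTECTED_DOMAINS or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def audit_hosts(text, expected_min_entries=1000):
    """Return a list of (kind, line_number, detail) findings.

    kinds: 'too-small'    - far fewer mappings than the installed blocklist should have
           'redirect'     - a hostname pointed at a routable address (hijack pattern)
           'vendor-block' - a security or update host blackholed
    expected_min_entries is an assumed threshold; tune it to the blocklist in use.
    """
    entries = parse_hosts(text)
    findings = []
    if len(entries) < expected_min_entries:
        findings.append(("too-small", 0,
                         f"only {len(entries)} mappings; expected at least {expected_min_entries}"))
    for lineno, ip, name in entries:
        if name == "localhost":
            continue
        if ip not in NULL_OR_LOOPBACK:
            findings.append(("redirect", lineno, f"{name} -> {ip}"))
        elif _is_protected(name):
            findings.append(("vendor-block", lineno, f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for kind, lineno, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:12} line {lineno}: {detail}")
```

On a live system the text would come from %SystemRoot%\System32\drivers\etc\hosts; keeping Users without Modify/Write on that file, as done in the post, is what stops an unprivileged process from rewriting it.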

#15 pandabird

Posted 16 June 2013 - 06:29 PM

Clarification:
 

1)  Rootkits found on further scanning

I did another scan with my Avast AV but I adjusted the setting to scan at maximum sensitivity heuristics and to scan with ALL packers (i.e. .zip, .cab, etc. archives). After doing this scan in NORMAL mode, 2 rootkits were found, which I then deleted (see pasted log below). I repeated the scan in SAFE mode and did an Avast BOOT SCAN but nothing was found.
I am still having the printer communication problem requiring me to reload those drivers after each reboot.

 

I was having "printer communication problems" but I am no longer. I believe my Firefox KeyScrambler add-on may have been conflicting; I am keeping KeyScrambler OFF unless needed for special sites and extra keylogger protection. This was resolved a few weeks ago.

The AVAST AV scan was performed a few weeks ago and the rootkits found were deleted. Whether others are present (and damage from its presence) I do not know.


Edited by pandabird, 16 June 2013 - 06:31 PM.




