
Can't remove spyware


  • This topic is locked
21 replies to this topic

#1 choo

choo

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 16 June 2013 - 07:51 PM

I had several webpages open at the same time, so I closed my browser and scanned with Spybot. I found the following by scanning - Adviva, BurstMedia, CasaleMedia, DoubleClick, FastClick, and MediaPlex. After the scan Spybot "fixed selected".

Spybot shows this as fixed, but each time I rescan, Adviva, BurstMedia, CasaleMedia, DoubleClick, FastClick and MediaPlex are shown as a problem again.

 

I found a user on this forum who had the same problem

(http://www.bleepingcomputer.com/forums/t/327652/ahh-i-am-infected-with-some-strange-spyware/)

 

I scanned with OTL  using the custom scan list and received the attached files.  My concern is the listing of files in C:\Windows\SysNative\drivers\etc\hosts.  Spybot shows this as fixed, but each time I scan Adviva, BurstMedia, CasaleMedia, DoubleClick, FastClick and MediaPlex are shown as a problem.

 

I would appreciate any help you could give me.  


 


#2 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 18 June 2013 - 06:50 PM

I uninstalled Chrome, since all listings in spybot linked to it.  Are there other entries that I need to remove?  Thanks, Choo



#3 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 21 June 2013 - 12:11 AM

Hi and Welcome!! choo :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

============================

P2P Programs:

P2P programs are a major source of Malware infections.
From your log I see you have uTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.

Information regarding the risk of using these programs can be found from here and here

======================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :
  • checkup.txt
  • AdwCleaner[S1].txt
  • JRT.txt
  • All RKreport.txt
Let me know if you have any problems performing the steps above or any questions.

Good Day!

Edited by Robybel, 21 June 2013 - 12:14 AM.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

 

 


#4 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 22 June 2013 - 09:49 PM

Thanks for helping me.  Results of checkup.txt.

 

 Results of screen317's Security Check version 0.99.67 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
COMODO Antivirus  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader 10.0.1 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 



#5 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 22 June 2013 - 09:57 PM

Here is the file from AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 22:54:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MLG - MININT-K0SM3UF
# Boot Mode : Normal
# Running from : C:\Users\MLG\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\MLG\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"alternate_error_pages":{"enabled":false},"autofill":{"enabled":false},"bookmark_bar":{"show_on_all[...]

*************************

AdwCleaner[S1].txt - [2709 octets] - [22/06/2013 22:54:32]

########## EOF - C:\AdwCleaner[S1].txt - [2769 octets] ##########



#6 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 22 June 2013 - 11:06 PM

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by MLG on Sat 06/22/2013 at 23:43:06.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/22/2013 at 23:47:03.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Rogue Killer Reports:

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MLG [Admin rights]
Mode : Scan -- Date : 06/22/2013 23:52:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][SUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16 [7][-][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-9YN164 +++++
--- User ---
[MBR] ed45a46dca4c7e3fb520e7fd8fac616b
[BSP] 6e1bdf73586e2415d7a859cfb6e235e2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06222013_235258.txt >>

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MLG [Admin rights]
Mode : Remove -- Date : 06/22/2013 23:53:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16 [7][-][x] -> DELETED
[V2][SUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16 [7][-][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-9YN164 +++++
--- User ---
[MBR] ed45a46dca4c7e3fb520e7fd8fac616b
[BSP] 6e1bdf73586e2415d7a859cfb6e235e2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06222013_235343.txt >>
RKreport[0]_S_06222013_235258.txt

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MLG [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/22/2013 23:54:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 10 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 6 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored

¤¤¤ Infection : Mal.Hosts ¤¤¤

Finished : << RKreport[0]_SC_06222013_235408.txt >>
RKreport[0]_D_06222013_235343.txt;RKreport[0]_S_06222013_235258.txt

 

I also have a folder RK Quarantine.

 

Thank you
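Added example, not part of any post in this thread: RogueKiller labels the hosts file Mal.Hosts and Security Check lists the MVPS Hosts File, so a useful check is to separate entries that only sink a name to a loopback or unspecified address (what a blocklist installs) from entries that point a name at a routable address, which are the ones to review. The sample hosts text, host names and function names below are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample, not copied from the logs in this thread: blocklist-style
# sink entries, one name pointed at a routable address, one malformed line.
SAMPLE_HOSTS = """\
# blocklist section (constructed)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net  www.ads.example.net   # two names on one line
0.0.0.0     tracker.example.org
203.0.113.7 login.example.com    # name pointed at a routable address
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_text, names) for every non-comment line."""
    # Windows editors may save the hosts file with a byte-order mark.
    text = text.lstrip("\ufeff")
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address_text):
    """Return 'sink', 'redirect' or 'malformed' for the address column."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "malformed"
    # 127.0.0.0/8, ::1, 0.0.0.0 and :: make the name unreachable: a block.
    if addr.is_loopback or addr.is_unspecified:
        return "sink"
    # Any other address makes the name resolve somewhere else.
    return "redirect"


def triage(text):
    """Count names per class and list every line that is not a plain sink."""
    counts = Counter()
    review = []
    for line_no, address_text, names in parse_hosts(text):
        kind = classify(address_text) if names else "malformed"
        counts[kind] += max(len(names), 1)
        if kind != "sink":
            review.append((line_no, kind, address_text, names))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_HOSTS)
    print(dict(counts))
    for line_no, kind, address_text, names in review:
        print(f"line {line_no}: {kind}: {address_text} -> {', '.join(names)}")
```

On 64-bit Windows a 32-bit tool reads the real file through the `C:\Windows\SysNative\drivers\etc\hosts` alias mentioned in the first post; pass that file's contents to `triage`.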

 

 



#7 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 23 June 2013 - 12:36 AM

Hi choo :)


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


 

 


#8 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 23 June 2013 - 01:41 AM

I downloaded ComboFix, and when I ran it a black window opened: "C.bat is not recognized as an internal or external command, operable program or batch file." At the command prompt C:\ComboFix I entered exit (after several minutes) because nothing happened. When I tried to install again, it appears to extract files, but no window opens? I turned off Comodo Internet Security before installing ComboFix.


Edited by choo, 23 June 2013 - 01:41 AM.


#9 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 23 June 2013 - 02:38 AM

Hi choo

Please try this:
  • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire code in RED (Including the "" marks and the Symbols) into the run box.

    Go to Start, then Run

    "%userprofile%\desktop\combofix.exe" /killall


  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
Let the program work without touching anything, not even the mouse.


 

 


#10 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 23 June 2013 - 08:56 AM

I connect to the internet by cable, but my computer has Bluetooth and Hotspot shield installed (I haven't even used these two programs.)    When I unplug the cable, the computer shows available wifi networks, but it doesn't connect automatically.  Will these affect ComboFix?  I'm still unable to run this, even using "run".

Sorry to be so ignorant.

 

 

These services are running at Startup (msconfig).  Hope this helps.

Application Experience
Andrea RT Filters Service
AtherosSvc
Windows Audio Endpoint Builder
Windows Audio
Base Filtering engine
Computer Browser
Bluetooth Support Service
COMODO Internet Security Helper Service
Cryptographic Services
DHCP Client
DHS Client
Dock Login Service
Diagnostic Policy Service
Extensible Authentication Protocol
Windows Event Log
COM+Event System
Expat Shield Service
Expat Shield Routing Service
Function Discovery Provider Host
Function Discovery Resource Publication
Server
Workstation
TCP/IP NetBIOS Helper
Windows Firewall
Net Driver HPZ12
Network connections
Network List Service
Network Location Awareness
NVIDIA Display Driver Service
Peer Networking Identity Manager
Program Compatibility Assistant Service
Pml Driver HPZ12
Peer Name Resolution Protocol
IPsec Policy Agent
Power
Protected Storage
RPC Endpoint Mapper
Security Accounts Manager
Task Scheduler
Secondary Login
System Event Notification Service
SoftThinks Agent Service
Shell Hardware Detection
Print Spooler
SSDP Discovery
Superfetch
Themes
Distributed Link Tracking Client
Desktop window Manager Session Manager
Diagnostic Service Host
Diagnostic System Host
WinHTTP Web Proxy Auto-Discovery Service
Windows Management Instrumentation
WLAN AutoConfig
Windows Live ID Sign-in Assistant
Windows media Player Network Sharing Service
Portable Device Enumerator Service
Security Center
Windows Search
Windows Audio Endpoint Builder
Windows Update
Windows Driver Foundation - User-mode Driver framework
ZAtherous Bt&Wlan Agent


Edited by choo, 23 June 2013 - 11:29 AM.


#11 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 24 June 2013 - 04:15 PM

Hi choo

Ok good,

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

 


#12 choo

choo
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 24 June 2013 - 06:42 PM

Thank you.  Here are the results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-06-2013
Ran by MLG (administrator) on 24-06-2013 19:37:39
Running from C:\Users\MLG\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
() C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
() C:\Users\MLG\Local Settings\Apps\F.lux\flux.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\eHome\EhTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4  [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
HKCU\...\Run: [F.lux] "C:\Users\MLG\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
HKCU\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
AppInit_DLLs:    C:\Windows\SysWOW64\guard32.dll   C:\Windows\system32\guard64.dll [390392 2012-11-07] (COMODO)
AppInit_DLLs-x32:    C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\Users\MLG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.4_0
CHR Extension: (Click&Clean) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0
CHR Extension: (Tabs to the front!) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0
CHR Extension: (Click&Clean App) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0
CHR Extension: (Gmail) - C:\Users\MLG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
R2 ExpatShieldService; C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
S3 ExpatTrayService; C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-04] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22736 2012-11-07] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1562368 2009-08-11] (Hauppauge Computer Works, Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-24 19:37 - 2013-06-24 19:37 - 00000000 ____D C:\FRST
2013-06-24 19:36 - 2013-06-24 19:36 - 01931792 ____A (Farbar) C:\Users\MLG\Desktop\FRST64.exe
2013-06-23 12:31 - 2013-06-23 12:31 - 00001584 ____A C:\Users\MLG\Documents\RS.txt
2013-06-23 02:28 - 2013-06-23 02:32 - 00000000 ____D C:\ComboFix
2013-06-23 02:28 - 2013-06-23 02:28 - 00000331 ____A C:\Start_.cmd
2013-06-23 02:28 - 2013-06-23 02:28 - 00000000 ____D C:\Qoobox
2013-06-23 02:27 - 2013-06-23 09:24 - 00000000 ___SD C:\32788R22FWJFW
2013-06-23 02:27 - 2013-06-23 02:27 - 00000000 ____D C:\Windows\erdnt
2013-06-23 02:17 - 2013-06-23 02:17 - 05082201 ____R (Swearware) C:\Users\MLG\Desktop\ComboFix.exe
2013-06-22 23:54 - 2013-06-22 23:54 - 00001447 ____A C:\Users\MLG\Desktop\RKreport[0]_SC_06222013_235408.txt
2013-06-22 23:53 - 2013-06-22 23:53 - 00003809 ____A C:\Users\MLG\Desktop\RKreport[0]_D_06222013_235343.txt
2013-06-22 23:52 - 2013-06-22 23:52 - 00003752 ____A C:\Users\MLG\Desktop\RKreport[0]_S_06222013_235258.txt
2013-06-22 23:51 - 2013-06-22 23:56 - 00000000 ____D C:\Users\MLG\Desktop\RK_Quarantine
2013-06-22 23:49 - 2013-06-22 23:50 - 03757568 ____A C:\Users\MLG\Downloads\RogueKillerX64.exe
2013-06-22 23:47 - 2013-06-22 23:47 - 00000631 ____A C:\Users\MLG\Desktop\JRT.txt
2013-06-22 23:02 - 2013-06-22 23:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-22 23:01 - 2013-06-22 23:42 - 00000000 ____D C:\JRT
2013-06-22 22:59 - 2013-06-22 22:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MLG\Downloads\JRT.exe
2013-06-22 22:56 - 2013-06-22 22:56 - 00002832 ____A C:\Users\MLG\Documents\AdwCleaner[S1].txt
2013-06-22 22:54 - 2013-06-22 22:54 - 00002832 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:53 - 2013-06-22 22:53 - 00648201 ____A C:\Users\MLG\Downloads\AdwCleaner.exe
2013-06-22 22:46 - 2013-06-22 22:46 - 00000833 ____A C:\Users\MLG\Documents\checkup.txt
2013-06-22 22:41 - 2013-06-22 22:41 - 00890978 ____A C:\Users\MLG\Downloads\SecurityCheck.exe
2013-06-21 16:55 - 2013-06-21 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-21 16:55 - 2013-06-21 16:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-21 16:55 - 2013-06-21 16:55 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-20 19:29 - 2013-06-20 19:31 - 00000382 ____A C:\Windows\HCWBlast.ini
2013-06-20 19:29 - 2009-08-12 10:20 - 00094271 ____A (Hauppauge Computer Works, Inc.) C:\Windows\SysWOW64\hcwblast.ocx
2013-06-20 19:29 - 2009-08-12 10:20 - 00065603 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwIRblast.dll
2013-06-20 19:29 - 2009-03-10 19:27 - 00073792 ____A (Hauppauge Computer Works, Inc) C:\Windows\SysWOW64\ChSuite.ocx
2013-06-20 19:29 - 2008-01-21 20:52 - 00299008 ____A (Zilog) C:\Windows\SysWOW64\hcwzblast.dll
2013-06-20 19:26 - 2009-08-11 05:11 - 01562368 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw89.sys
2013-06-20 19:26 - 2009-08-11 05:10 - 00128512 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\HcwPrx89.ax
2013-06-20 19:26 - 2009-06-25 12:13 - 04001088 ____A C:\Windows\System32\Drivers\HcwWiltF103.bin
2013-06-20 19:26 - 2006-09-08 07:36 - 00099328 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\hcwCP.ax
2013-06-20 13:05 - 2013-06-20 13:05 - 00016313 ____A C:\Users\MLG\Downloads\The Fantastic Flying Books of Mr. Morris Lessmore FULL Movie 720p - raTzz.torrent
2013-06-19 21:01 - 2013-06-19 21:01 - 00000000 ____D C:\Users\MLG\AppData\Roaming\PuzzleLab
2013-06-19 18:03 - 2013-06-19 18:03 - 00002320 ____A C:\Users\MLG\Desktop\Phenomenon 2 - Meteorite Collector's Edition.lnk
2013-06-19 18:03 - 2013-06-19 18:03 - 00000000 ____D C:\Program Files (x86)\Phenomenon 2 - Meteorite Collector's Edition
2013-06-19 18:01 - 2013-06-19 18:01 - 00000000 ____D C:\Windows\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 18:01 - 2013-06-19 18:01 - 00000000 ____D C:\Program Files (x86)\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 17:30 - 2013-06-19 17:30 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-06-19 17:17 - 2013-06-24 18:31 - 00001111 ____A C:\Windows\setupact.log
2013-06-19 17:17 - 2013-06-19 17:17 - 00000000 ____A C:\Windows\setuperr.log
2013-06-19 11:33 - 2013-06-24 18:38 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 11:33 - 2013-06-24 18:33 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 23:17 - 2013-06-18 23:17 - 00000000 ____D C:\Program Files (x86)\MP3Gain
2013-06-18 22:39 - 2013-06-21 01:54 - 00000000 ____D C:\Users\MLG\Documents\Mipony
2013-06-18 21:51 - 2013-06-21 01:55 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Mipony
2013-06-18 21:50 - 2013-06-19 01:10 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-18 21:50 - 2013-06-18 21:51 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-18 21:50 - 2013-06-18 21:50 - 00000000 ____D C:\Program Files (x86)\MiPony
2013-06-18 21:41 - 2013-06-18 21:41 - 00000000 ____D C:\Users\MLG\AppData\Local\COMODO
2013-06-18 21:38 - 2013-06-18 21:38 - 00011668 ____A C:\Users\MLG\Documents\CCFix.reg
2013-06-18 19:29 - 2013-06-18 19:29 - 00000000 ____D C:\Users\MLG\AppData\Local\VS Revo Group
2013-06-18 19:29 - 2013-06-18 19:29 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-06-16 15:07 - 2013-06-16 15:07 - 00142334 ____A C:\Users\MLG\Downloads\OTL.Txt
2013-06-16 15:07 - 2013-06-16 15:07 - 00062726 ____A C:\Users\MLG\Downloads\Extras.Txt
2013-06-16 14:57 - 2013-06-16 14:57 - 00602112 ____A (OldTimer Tools) C:\Users\MLG\Downloads\OTL.exe
2013-06-16 14:23 - 2013-06-16 14:23 - 00000856 ____A C:\Users\MLG\Documents\regbk.reg
2013-06-13 18:37 - 2013-06-13 18:37 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Macromedia
2013-06-13 15:43 - 2013-06-16 20:16 - 06552453 ____A C:\Users\MLG\AppData\Local\census.cache
2013-06-13 15:43 - 2013-06-16 20:11 - 00114127 ____A C:\Users\MLG\AppData\Local\ars.cache
2013-06-13 15:38 - 2013-06-13 15:38 - 00000036 ____A C:\Users\MLG\AppData\Local\housecall.guid.cache
2013-06-13 13:23 - 2013-06-13 19:32 - 00002086 ____A C:\Users\MLG\Documents\Tuner4.xml
2013-06-13 13:23 - 2013-06-13 19:32 - 00002086 ____A C:\Users\MLG\Documents\Tuner3.xml
2013-06-13 13:22 - 2013-06-13 19:31 - 00008267 ____A C:\Users\MLG\Documents\Tuner2.xml
2013-06-13 13:22 - 2013-06-13 19:31 - 00008267 ____A C:\Users\MLG\Documents\Tuner 1.xml
2013-06-12 23:39 - 2013-06-12 23:39 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Eipix
2013-06-12 14:17 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 14:17 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 14:17 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 14:17 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 14:17 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 14:17 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 14:17 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 14:17 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 14:14 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 14:14 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 14:14 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 14:14 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 14:14 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 14:14 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 14:14 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 14:14 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 14:14 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 14:14 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 14:14 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 14:14 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 13:27 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130612-132739.backup
2013-06-12 12:38 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:38 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:38 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:38 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:38 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:38 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:38 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:38 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:38 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:38 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:38 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 12:38 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 12:38 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:38 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:38 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 12:38 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:38 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:38 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:38 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 22:05 - 2013-06-18 21:05 - 00000000 ____D C:\Users\MLG\Documents\Keys & Docs
2013-06-08 17:41 - 2013-06-08 17:41 - 00000000 ____D C:\ProgramData\vsosdk
2013-06-08 17:32 - 2013-06-19 12:04 - 00000000 ____D C:\Users\MLG\Documents\ConvertXToDVD
2013-06-05 18:04 - 2013-06-05 18:05 - 00000000 ____D C:\Users\MLG\AppData\Roaming\ImgBurn
2013-06-03 21:50 - 2013-06-03 21:50 - 00000000 ____D C:\Users\MLG\AppData\Local\Chronicles of Albian
2013-06-01 10:46 - 2013-06-02 12:28 - 00000000 ____D C:\ProgramData\Kodak
2013-05-30 00:12 - 2012-08-23 10:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-05-30 00:12 - 2012-08-23 10:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-05-30 00:12 - 2012-08-23 10:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-05-30 00:12 - 2012-08-23 10:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-05-30 00:12 - 2012-08-23 09:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-05-30 00:12 - 2012-08-23 09:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-05-30 00:12 - 2012-08-23 09:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-30 00:12 - 2012-08-23 09:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-30 00:12 - 2012-08-23 09:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-05-30 00:12 - 2012-08-23 09:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-05-30 00:12 - 2012-08-23 09:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-30 00:12 - 2012-08-23 09:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-05-30 00:12 - 2012-08-23 09:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-05-30 00:12 - 2012-08-23 08:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-30 00:12 - 2012-08-23 07:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-05-30 00:12 - 2012-08-23 07:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-30 00:12 - 2012-08-23 07:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-05-30 00:12 - 2012-08-23 07:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-05-30 00:12 - 2012-08-23 06:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-30 00:12 - 2012-08-23 06:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-05-30 00:12 - 2012-08-23 06:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-05-30 00:12 - 2012-08-23 06:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-05-30 00:12 - 2012-08-23 05:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-05-30 00:12 - 2012-08-23 04:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-30 00:12 - 2012-08-23 04:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-29 18:18 - 2013-05-29 18:18 - 00000000 ____D C:\Program Files\WinRAR
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ____D C:\Users\MLG\AppData\Local\Apps\2.0
2013-05-29 15:49 - 2013-05-29 15:49 - 00000000 ____D C:\Users\MLG\AppData\Roaming\WinRAR
2013-05-28 00:32 - 2013-05-28 00:32 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-05-28 00:32 - 2012-07-26 00:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-28 00:32 - 2012-07-26 00:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-28 00:32 - 2012-07-25 22:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-28 00:32 - 2012-06-02 10:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-28 00:30 - 2012-07-25 23:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-28 00:30 - 2012-07-25 23:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-28 00:30 - 2012-07-25 23:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-28 00:30 - 2012-07-25 23:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-28 00:30 - 2012-07-25 23:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-28 00:30 - 2012-07-25 22:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-28 00:30 - 2012-07-25 22:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-28 00:30 - 2012-06-02 10:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-28 00:29 - 2012-06-09 13:21 - 00206336 ____A C:\Windows\System32\unrar64.dll
2013-05-28 00:29 - 2011-12-07 13:37 - 00148992 ____A ( ) C:\Windows\System32\lagarith.dll
2013-05-28 00:28 - 2013-05-28 00:29 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
2013-05-28 00:28 - 2013-04-29 14:00 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
2013-05-28 00:26 - 2013-05-28 00:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-28 00:26 - 2013-05-28 00:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-28 00:21 - 2013-05-28 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-05-28 00:21 - 2013-05-28 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-05-28 00:03 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-28 00:03 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-28 00:03 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-28 00:03 - 2012-12-07 09:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-05-28 00:03 - 2012-12-07 09:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-05-28 00:03 - 2012-12-07 08:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-05-28 00:03 - 2012-12-07 08:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-05-28 00:03 - 2012-12-07 07:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-05-28 00:03 - 2012-12-07 07:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-05-28 00:03 - 2012-12-07 07:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-05-28 00:03 - 2012-12-07 06:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-05-28 00:03 - 2012-11-22 01:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-05-28 00:03 - 2012-11-22 00:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-05-28 00:03 - 2012-10-09 14:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-05-28 00:03 - 2012-10-09 14:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-05-28 00:03 - 2012-10-09 13:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-05-28 00:03 - 2012-10-09 13:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-05-28 00:03 - 2012-10-03 13:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-05-28 00:03 - 2012-10-03 13:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-05-28 00:03 - 2012-10-03 13:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-05-28 00:03 - 2012-10-03 13:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-05-28 00:03 - 2012-10-03 13:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-05-28 00:03 - 2012-10-03 13:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-05-28 00:03 - 2012-10-03 12:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-05-28 00:03 - 2012-10-03 12:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-05-28 00:03 - 2012-10-03 12:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-05-28 00:03 - 2012-10-03 12:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-28 00:03 - 2012-08-24 14:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-05-28 00:03 - 2012-08-24 14:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-05-28 00:03 - 2012-08-24 14:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-28 00:03 - 2012-08-24 14:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-28 00:03 - 2012-08-24 12:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-28 00:03 - 2012-08-24 12:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-05-28 00:03 - 2012-08-24 12:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-05-28 00:03 - 2012-08-22 14:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-05-28 00:03 - 2012-08-21 17:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-05-28 00:03 - 2012-07-04 16:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-05-28 00:03 - 2012-05-04 07:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-05-28 00:03 - 2012-05-04 05:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-05-28 00:03 - 2012-05-01 01:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-05-28 00:03 - 2012-04-07 08:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-05-28 00:03 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-05-28 00:03 - 2012-01-13 03:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-05-28 00:02 - 2012-11-30 01:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-05-28 00:02 - 2012-11-30 01:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-05-28 00:02 - 2012-11-30 01:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-05-28 00:02 - 2012-11-30 01:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-05-28 00:02 - 2012-11-30 01:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-28 00:02 - 2012-11-30 01:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-05-28 00:02 - 2012-11-30 00:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-05-28 00:02 - 2012-11-30 00:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-05-28 00:02 - 2012-11-29 23:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-28 00:02 - 2012-11-29 22:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-05-28 00:02 - 2012-11-29 22:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-05-28 00:02 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-05-28 00:02 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-05-28 00:02 - 2012-11-29 19:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-05-28 00:02 - 2012-11-29 19:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-05-28 00:02 - 2012-07-06 16:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-05-28 00:02 - 2012-05-05 04:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-05-28 00:02 - 2012-05-05 03:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-05-28 00:01 - 2013-05-28 00:01 - 00000000 ____D C:\Users\MLG\AppData\Local\WindowsUpdate
2013-05-28 00:01 - 2012-02-11 02:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-05-28 00:01 - 2012-02-11 02:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-05-25 23:35 - 2013-05-25 23:35 - 00000000 ____D C:\ProgramData\StarApp
2013-05-25 15:51 - 2013-06-21 00:33 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-05-25 15:51 - 2013-06-20 19:28 - 00033865 ____A C:\Windows\Irremote.ini
2013-05-25 15:51 - 2006-10-10 17:47 - 00036921 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwutl32.dll
2013-05-25 14:00 - 2013-05-25 14:00 - 00000000 ____D C:\Users\MLG\AppData\Roaming\HP
2013-05-25 14:00 - 2013-05-25 14:00 - 00000000 ____D C:\ProgramData\WEBREG
2013-05-25 13:57 - 2013-05-25 13:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-25 13:57 - 2013-05-25 13:57 - 00000000 ____D C:\Windows\hpoj6000e609
2013-05-25 13:56 - 2013-05-25 13:56 - 00000000 ____D C:\Program Files (x86)\HP
2013-05-25 13:56 - 2009-10-16 01:56 - 00540672 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll
2013-05-25 13:56 - 2009-10-16 01:55 - 00362328 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2013-05-25 13:56 - 2008-08-12 10:58 - 00131072 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l082.dll
2013-05-25 13:53 - 2013-05-25 14:26 - 00002386 ____A C:\ProgramData\hpzinstall.log
2013-05-25 13:53 - 2013-05-25 14:00 - 00222876 ____A C:\Windows\hpwins24.dat
2013-05-25 13:53 - 2013-05-25 14:00 - 00000000 ____D C:\ProgramData\HP
2013-05-25 02:15 - 2013-06-15 18:05 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-25 02:15 - 2013-05-25 02:15 - 00000000 ____D C:\Users\MLG\My Backup Files
2013-05-25 02:14 - 2013-05-25 02:14 - 00000000 ____D C:\ProgramData\PCDr
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\Documents\CyberLink
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\AppData\Roaming\CyberLink
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\AppData\Local\Cyberlink
2013-05-25 01:56 - 2013-05-25 01:57 - 00000040 ____A C:\Windows\System32\test.txt
2013-05-25 01:52 - 2013-05-29 20:01 - 00000000 ____D C:\ProgramData\MyChannelLogos
2013-05-25 01:52 - 2013-05-25 01:52 - 00000000 ____D C:\Program Files (x86)\My Channel Logos
2013-05-25 01:34 - 2013-05-25 01:34 - 00000000 ____D C:\Users\MLG\AppData\Roaming\NVIDIA
2013-05-25 01:34 - 2013-05-25 01:34 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Mad Head Games
2013-05-25 00:40 - 2013-05-25 00:40 - 00000000 ____D C:\Users\MLG\AppData\Local\MicroVision Applications
2013-05-25 00:26 - 2013-05-25 22:46 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Thinstall
2013-05-25 00:26 - 2013-05-25 00:26 - 00000000 ____D C:\Users\MLG\AppData\Local\Thinstall

==================== One Month Modified Files and Folders =======

2013-06-24 19:37 - 2013-06-24 19:37 - 00000000 ____D C:\FRST
2013-06-24 19:36 - 2013-06-24 19:36 - 01931792 ____A (Farbar) C:\Users\MLG\Desktop\FRST64.exe
2013-06-24 18:39 - 2009-07-14 00:45 - 00020880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 18:39 - 2009-07-14 00:45 - 00020880 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 18:38 - 2013-06-19 11:33 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 18:36 - 2009-07-14 01:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 18:35 - 2013-05-17 01:01 - 01690282 ____A C:\Windows\WindowsUpdate.log
2013-06-24 18:33 - 2013-06-19 11:33 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-24 18:33 - 2013-05-17 01:27 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-24 18:33 - 2013-05-17 01:27 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-24 18:33 - 2013-05-17 01:21 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-24 18:31 - 2013-06-19 17:17 - 00001111 ____A C:\Windows\setupact.log
2013-06-24 18:31 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 12:31 - 2013-06-23 12:31 - 00001584 ____A C:\Users\MLG\Documents\RS.txt
2013-06-23 09:24 - 2013-06-23 02:27 - 00000000 ___SD C:\32788R22FWJFW
2013-06-23 02:32 - 2013-06-23 02:28 - 00000000 ____D C:\ComboFix
2013-06-23 02:28 - 2013-06-23 02:28 - 00000331 ____A C:\Start_.cmd
2013-06-23 02:28 - 2013-06-23 02:28 - 00000000 ____D C:\Qoobox
2013-06-23 02:27 - 2013-06-23 02:27 - 00000000 ____D C:\Windows\erdnt
2013-06-23 02:17 - 2013-06-23 02:17 - 05082201 ____R (Swearware) C:\Users\MLG\Desktop\ComboFix.exe
2013-06-23 00:12 - 2013-05-23 17:24 - 00000000 ____D C:\Program Files (x86)\Halloween Spirit Board
2013-06-22 23:56 - 2013-06-22 23:51 - 00000000 ____D C:\Users\MLG\Desktop\RK_Quarantine
2013-06-22 23:54 - 2013-06-22 23:54 - 00001447 ____A C:\Users\MLG\Desktop\RKreport[0]_SC_06222013_235408.txt
2013-06-22 23:53 - 2013-06-22 23:53 - 00003809 ____A C:\Users\MLG\Desktop\RKreport[0]_D_06222013_235343.txt
2013-06-22 23:52 - 2013-06-22 23:52 - 00003752 ____A C:\Users\MLG\Desktop\RKreport[0]_S_06222013_235258.txt
2013-06-22 23:50 - 2013-06-22 23:49 - 03757568 ____A C:\Users\MLG\Downloads\RogueKillerX64.exe
2013-06-22 23:47 - 2013-06-22 23:47 - 00000631 ____A C:\Users\MLG\Desktop\JRT.txt
2013-06-22 23:42 - 2013-06-22 23:01 - 00000000 ____D C:\JRT
2013-06-22 23:35 - 2013-05-23 19:57 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-06-22 23:02 - 2013-06-22 23:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-22 22:59 - 2013-06-22 22:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MLG\Downloads\JRT.exe
2013-06-22 22:56 - 2013-06-22 22:56 - 00002832 ____A C:\Users\MLG\Documents\AdwCleaner[S1].txt
2013-06-22 22:54 - 2013-06-22 22:54 - 00002832 ____A C:\AdwCleaner[S1].txt
2013-06-22 22:53 - 2013-06-22 22:53 - 00648201 ____A C:\Users\MLG\Downloads\AdwCleaner.exe
2013-06-22 22:46 - 2013-06-22 22:46 - 00000833 ____A C:\Users\MLG\Documents\checkup.txt
2013-06-22 22:41 - 2013-06-22 22:41 - 00890978 ____A C:\Users\MLG\Downloads\SecurityCheck.exe
2013-06-21 23:34 - 2013-05-24 01:06 - 00000000 ____D C:\Users\MLG\AppData\Roaming\vlc
2013-06-21 23:34 - 2013-05-24 00:46 - 00000000 ____D C:\Program Files\PeerBlock
2013-06-21 16:55 - 2013-06-21 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-21 16:55 - 2013-06-21 16:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-21 16:55 - 2013-06-21 16:55 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-21 16:55 - 2013-05-23 12:32 - 00000000 ____D C:\Users\MLG\AppData\Local\Adobe
2013-06-21 01:55 - 2013-06-18 21:51 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Mipony
2013-06-21 01:54 - 2013-06-18 22:39 - 00000000 ____D C:\Users\MLG\Documents\Mipony
2013-06-21 01:49 - 2013-05-23 17:42 - 00000000 ___RD C:\Users\MLG\Desktop\New
2013-06-21 00:33 - 2013-05-25 15:51 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-06-20 19:52 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-20 19:31 - 2013-06-20 19:29 - 00000382 ____A C:\Windows\HCWBlast.ini
2013-06-20 19:28 - 2013-05-25 15:51 - 00033865 ____A C:\Windows\Irremote.ini
2013-06-20 13:58 - 2013-05-24 01:54 - 00000000 ____D C:\Users\MLG\AppData\Roaming\uTorrent
2013-06-20 13:05 - 2013-06-20 13:05 - 00016313 ____A C:\Users\MLG\Downloads\The Fantastic Flying Books of Mr. Morris Lessmore FULL Movie 720p - raTzz.torrent
2013-06-20 13:01 - 2013-05-23 23:37 - 00000000 ____D C:\VritualRoot
2013-06-19 21:01 - 2013-06-19 21:01 - 00000000 ____D C:\Users\MLG\AppData\Roaming\PuzzleLab
2013-06-19 18:03 - 2013-06-19 18:03 - 00002320 ____A C:\Users\MLG\Desktop\Phenomenon 2 - Meteorite Collector's Edition.lnk
2013-06-19 18:03 - 2013-06-19 18:03 - 00000000 ____D C:\Program Files (x86)\Phenomenon 2 - Meteorite Collector's Edition
2013-06-19 18:01 - 2013-06-19 18:01 - 00000000 ____D C:\Windows\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 18:01 - 2013-06-19 18:01 - 00000000 ____D C:\Program Files (x86)\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 17:32 - 2013-05-23 22:57 - 00000000 ____D C:\Users\MLG\Calibre Library
2013-06-19 17:30 - 2013-06-19 17:30 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-06-19 17:17 - 2013-06-19 17:17 - 00000000 ____A C:\Windows\setuperr.log
2013-06-19 15:03 - 2013-05-23 17:34 - 00000000 ____D C:\Projects
2013-06-19 14:28 - 2013-05-23 23:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-19 14:25 - 2013-05-24 02:05 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Vso
2013-06-19 12:38 - 2013-05-24 02:05 - 00001057 ____A C:\Users\MLG\AppData\Roaming\vso_ts_preview.xml
2013-06-19 12:04 - 2013-06-08 17:32 - 00000000 ____D C:\Users\MLG\Documents\ConvertXToDVD
2013-06-19 11:33 - 2013-05-23 17:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-19 01:10 - 2013-06-18 21:50 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-18 23:18 - 2013-05-23 12:20 - 00000000 ____D C:\Users\MLG\AppData\Local\VirtualStore
2013-06-18 23:17 - 2013-06-18 23:17 - 00000000 ____D C:\Program Files (x86)\MP3Gain
2013-06-18 21:51 - 2013-06-18 21:50 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-18 21:50 - 2013-06-18 21:50 - 00000000 ____D C:\Program Files (x86)\MiPony
2013-06-18 21:41 - 2013-06-18 21:41 - 00000000 ____D C:\Users\MLG\AppData\Local\COMODO
2013-06-18 21:39 - 2013-05-24 00:30 - 00000000 ____D C:\Users\MLG\AppData\Local\CrashDumps
2013-06-18 21:38 - 2013-06-18 21:38 - 00011668 ____A C:\Users\MLG\Documents\CCFix.reg
2013-06-18 21:05 - 2013-06-09 22:05 - 00000000 ____D C:\Users\MLG\Documents\Keys & Docs
2013-06-18 19:29 - 2013-06-18 19:29 - 00000000 ____D C:\Users\MLG\AppData\Local\VS Revo Group
2013-06-18 19:29 - 2013-06-18 19:29 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-06-16 20:16 - 2013-06-13 15:43 - 06552453 ____A C:\Users\MLG\AppData\Local\census.cache
2013-06-16 20:11 - 2013-06-13 15:43 - 00114127 ____A C:\Users\MLG\AppData\Local\ars.cache
2013-06-16 15:07 - 2013-06-16 15:07 - 00142334 ____A C:\Users\MLG\Downloads\OTL.Txt
2013-06-16 15:07 - 2013-06-16 15:07 - 00062726 ____A C:\Users\MLG\Downloads\Extras.Txt
2013-06-16 14:59 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\restore
2013-06-16 14:57 - 2013-06-16 14:57 - 00602112 ____A (OldTimer Tools) C:\Users\MLG\Downloads\OTL.exe
2013-06-16 14:23 - 2013-06-16 14:23 - 00000856 ____A C:\Users\MLG\Documents\regbk.reg
2013-06-15 23:55 - 2012-02-27 13:09 - 00000000 ____D C:\Windows\Panther
2013-06-15 18:05 - 2013-05-25 02:15 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-13 19:32 - 2013-06-13 13:23 - 00002086 ____A C:\Users\MLG\Documents\Tuner4.xml
2013-06-13 19:32 - 2013-06-13 13:23 - 00002086 ____A C:\Users\MLG\Documents\Tuner3.xml
2013-06-13 19:31 - 2013-06-13 13:22 - 00008267 ____A C:\Users\MLG\Documents\Tuner2.xml
2013-06-13 19:31 - 2013-06-13 13:22 - 00008267 ____A C:\Users\MLG\Documents\Tuner 1.xml
2013-06-13 18:37 - 2013-06-13 18:37 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Macromedia
2013-06-13 15:38 - 2013-06-13 15:38 - 00000036 ____A C:\Users\MLG\AppData\Local\housecall.guid.cache
2013-06-12 23:39 - 2013-06-12 23:39 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Eipix
2013-06-12 15:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 14:19 - 2013-05-23 16:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 14:17 - 2013-05-23 18:58 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 14:17 - 2013-05-23 18:31 - 00772990 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-12 13:11 - 2013-05-23 23:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-08 17:41 - 2013-06-08 17:41 - 00000000 ____D C:\ProgramData\vsosdk
2013-06-08 10:08 - 2013-06-12 14:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-12 14:14 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-12 14:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-12 14:14 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-12 14:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-12 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-12 14:14 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-12 14:14 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-12 14:14 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-12 14:14 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-12 14:14 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-12 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 23:10 - 2013-05-23 17:39 - 00000000 ___AD C:\Users\MLG\Documents\Manuals
2013-06-05 18:05 - 2013-06-05 18:04 - 00000000 ____D C:\Users\MLG\AppData\Roaming\ImgBurn
2013-06-03 21:50 - 2013-06-03 21:50 - 00000000 ____D C:\Users\MLG\AppData\Local\Chronicles of Albian
2013-06-02 12:28 - 2013-06-01 10:46 - 00000000 ____D C:\ProgramData\Kodak
2013-05-30 01:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-29 20:01 - 2013-05-25 01:52 - 00000000 ____D C:\ProgramData\MyChannelLogos
2013-05-29 18:18 - 2013-05-29 18:18 - 00000000 ____D C:\Program Files\WinRAR
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ____D C:\Users\MLG\AppData\Local\Apps\2.0
2013-05-29 15:49 - 2013-05-29 15:49 - 00000000 ____D C:\Users\MLG\AppData\Roaming\WinRAR
2013-05-29 15:12 - 2013-05-23 16:21 - 00126136 ____A C:\Users\MLG\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-29 14:30 - 2009-07-13 22:34 - 00000510 ____A C:\Windows\win.ini
2013-05-28 00:43 - 2009-07-14 00:45 - 00464288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-28 00:32 - 2013-05-28 00:32 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-05-28 00:29 - 2013-05-28 00:28 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
2013-05-28 00:27 - 2013-05-23 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-05-28 00:26 - 2013-05-28 00:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-28 00:26 - 2013-05-28 00:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-28 00:21 - 2013-05-28 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-05-28 00:21 - 2013-05-28 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-05-28 00:01 - 2013-05-28 00:01 - 00000000 ____D C:\Users\MLG\AppData\Local\WindowsUpdate
2013-05-26 08:57 - 2013-05-17 01:14 - 00000000 ____D C:\ProgramData\Roxio
2013-05-26 07:28 - 2013-05-17 01:14 - 00000000 ____D C:\ProgramData\Sonic
2013-05-25 23:35 - 2013-05-25 23:35 - 00000000 ____D C:\ProgramData\StarApp
2013-05-25 22:46 - 2013-05-25 00:26 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Thinstall
2013-05-25 15:27 - 2013-05-23 23:50 - 00000000 ____D C:\Users\MLG\AppData\Local\Apps\F.lux
2013-05-25 15:22 - 2013-05-24 21:47 - 00002134 ____A C:\hcwDriverInstall.txt
2013-05-25 14:26 - 2013-05-25 13:53 - 00002386 ____A C:\ProgramData\hpzinstall.log
2013-05-25 14:00 - 2013-05-25 14:00 - 00000000 ____D C:\Users\MLG\AppData\Roaming\HP
2013-05-25 14:00 - 2013-05-25 14:00 - 00000000 ____D C:\ProgramData\WEBREG
2013-05-25 14:00 - 2013-05-25 13:53 - 00222876 ____A C:\Windows\hpwins24.dat
2013-05-25 14:00 - 2013-05-25 13:53 - 00000000 ____D C:\ProgramData\HP
2013-05-25 13:57 - 2013-05-25 13:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-25 13:57 - 2013-05-25 13:57 - 00000000 ____D C:\Windows\hpoj6000e609
2013-05-25 13:56 - 2013-05-25 13:56 - 00000000 ____D C:\Program Files (x86)\HP
2013-05-25 02:15 - 2013-05-25 02:15 - 00000000 ____D C:\Users\MLG\My Backup Files
2013-05-25 02:15 - 2013-05-23 12:20 - 00000000 ____D C:\Users\MLG\AppData\Local\SoftThinks
2013-05-25 02:15 - 2013-05-23 12:20 - 00000000 ____D C:\users\MLG
2013-05-25 02:14 - 2013-05-25 02:14 - 00000000 ____D C:\ProgramData\PCDr
2013-05-25 02:14 - 2013-05-23 23:52 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Dell
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\Documents\CyberLink
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\AppData\Roaming\CyberLink
2013-05-25 02:06 - 2013-05-25 02:06 - 00000000 ____D C:\Users\MLG\AppData\Local\Cyberlink
2013-05-25 02:06 - 2013-05-17 01:12 - 00000000 ____D C:\ProgramData\CyberLink
2013-05-25 01:57 - 2013-05-25 01:56 - 00000040 ____A C:\Windows\System32\test.txt
2013-05-25 01:52 - 2013-05-25 01:52 - 00000000 ____D C:\Program Files (x86)\My Channel Logos
2013-05-25 01:34 - 2013-05-25 01:34 - 00000000 ____D C:\Users\MLG\AppData\Roaming\NVIDIA
2013-05-25 01:34 - 2013-05-25 01:34 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Mad Head Games
2013-05-25 00:40 - 2013-05-25 00:40 - 00000000 ____D C:\Users\MLG\AppData\Local\MicroVision Applications
2013-05-25 00:30 - 2013-05-23 12:21 - 00000000 ____D C:\Users\MLG\AppData\Roaming\Roxio
2013-05-25 00:26 - 2013-05-25 00:26 - 00000000 ____D C:\Users\MLG\AppData\Local\Thinstall

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 09:13

==================== End Of Log ============================

Additional Txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2013
Ran by MLG at 2013-06-24 19:37:55
Running from C:\Users\MLG\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 3.0.0)
6000E609_eDocs (x32 Version: 1.00.0000)
6000E609_Help (x32 Version: 1.00.0000)
6000E609a (x32 Version: 50.0.165.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.0.1) (x32 Version: 10.0.1)
Atheros Bluetooth Suite (64) (Version: 7.4.0.115)
BPDSoftware (x32 Version: 50.0.165.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 130.0.331.000)
calibre (x32 Version: 0.9.35)
calibre 64bit (Version: 0.9.31)
CCleaner (Version: 4.01)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
COMODO Internet Security (Version: 5.12.59641.2599)
ConvertXtoDVD 4.1.19.365 (x32 Version: 4.1.19.365)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67)
Dell DataSafe Local Backup (x32 Version: 9.4.67)
Dell Dock (Version: 2.0)
Dell Dock (x32 Version: 2.0)
Dell Support Center (Version: 3.1.5907.16)
Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)
Digital Cable Advisor (Version: 1.0.0.0)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Expat Shield 2.25 (x32 Version: 2.25)
F.lux (HKCU)
Google Analytics Opt-out Browser Add-on (x32 Version: 0.9.1.0)
Google Update Helper (x32 Version: 1.3.21.145)
GuideTool (x32)
Halloween Spirit Board 2.1 (x32 Version: 2.1)
Hauppauge WinTV Infrared Remote (x32 Version: 2.65.27300)
Hauppauge WinTV IR Blaster (x32 Version: 7.3.27223)
Helium Music Manager 9.2.1 (x32 Version: 9.2.1.11480)
HP Officejet 6000 E609 Series (Version: 13.0)
ImgBurn (x32 Version: 2.5.7.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 9.9.0 (64-bit) (Version: 9.9.0)
Kyodai Mahjongg (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MiPony 2.0.5 (x32 Version: 2.0.5)
Movie Collector (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Channel Logos (x32 Version: 2.30.0.0)
Network64 (Version: 130.0.579.000)
NVIDIA Control Panel 296.33 (Version: 296.33)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Phenomenon 2 - Meteorite Collector's Edition (x32 Version: FINAL)
PhotoShowExpress (x32 Version: 2.0.063)
PlayReady PC Runtime amd64 (Version: 1.3.0)
ProductContext (x32 Version: 50.0.165.000)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6537)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Simple Adblock (x32 Version: 1.1.5)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Toolbox (x32 Version: 130.0.648.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Y!Fit (x32 Version: 1.00.0000)

==================== Restore Points  =========================

16-06-2013 18:59:07 OTL Restore Point - 6/16/2013 2:59:07 PM
18-06-2013 23:08:24 Removed Google Chrome
19-06-2013 00:55:45 Revo Uninstaller Pro's restore point - MiPony 1.4.0
19-06-2013 05:02:01 Revo Uninstaller Pro's restore point - AVG SafeGuard toolbar
19-06-2013 05:07:21 Revo Uninstaller Pro's restore point - AVG SafeGuard toolbar
19-06-2013 05:09:44 Revo Uninstaller Pro's restore point - AVG SafeGuard toolbar
19-06-2013 21:30:20 Installed calibre

==================== Hosts content: ==========================

There are more than 1000 lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {320DD33D-5115-416C-9A7E-B9D92FA72FBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19] (Google Inc.)
Task: {3B377A0E-3862-4D3F-AFAE-958EBE1A1A2A} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {463EE6B4-6200-43B7-B162-E47661BCF861} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {7F79ABCC-BD26-499D-A807-08043BB6E9F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19] (Google Inc.)
Task: {84AB8F8D-6103-449F-8C7A-D87738B07CB4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {8CDD8016-C765-4289-93A1-04B153EBB7E9} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A79F3017-868B-47D9-BC59-FEE9BDBFE41B} - System32\Tasks\{179F6E18-9417-49ED-9B1B-5A1B8543E8D9} => C:\Projects\Portable\Portable Atmosphere Deluxe 6.0\Clean-BDR.exe No File
Task: {BD15DB2E-39CC-4CBD-AB39-23157CA84250} - System32\Tasks\{A26823CD-F28C-4613-BC85-37615CBA0048} => C:\Projects\Portable\WinRARPortable\WinRARPortable.exe No File
Task: {CDFD6EBD-D18B-49A4-8543-FB329B82861A} - System32\Tasks\My Channel Logos Updater => C:\Program Files (x86)\My Channel Logos\mclupdater.exe [2012-08-19] (Microsoft)
Task: {FBCD041B-EA52-408B-87C1-20107EF65493} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2013 07:01:56 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/24/2013 06:33:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 08:54:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 06:33:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 03:04:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 11:52:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 09:27:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 08:24:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 02:36:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 02:15:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/23/2013 10:11:09 AM) (Source: DCOM) (User: MININT-K0SM3UF)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}MININT-K0SM3UFMLGS-1-5-21-3758777882-2260798585-635184093-1004LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 12248.94 MB
Available physical RAM: 9791.66 MB
Total Pagefile: 24496.07 MB
Available Pagefile: 21809.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:1849.34 GB) (Free:1637.54 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C7AC0BFF)
Partition 1: (Not Active) - (Size=-213307621376) - (Type=07 NTFS)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13 Robybel

  • Malware Response Team

Posted 24 June 2013 - 08:36 PM

Hi choo :)

Please re-try this

Drag the Combofix icon into the trash

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#14 choo


Posted 24 June 2013 - 11:02 PM

I got it:

ComboFix 13-06-24.01 - MLG 06/25/2013   0:16.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12249.10332 [GMT -4:00]
Running from: c:\users\MLG\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MLG\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-25 to 2013-06-25  )))))))))))))))))))))))))))))))
.
.
2013-06-25 04:19 . 2013-06-25 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 23:37 . 2013-06-24 23:37 -------- d-----w- C:\FRST
2013-06-23 03:02 . 2013-06-23 03:02 -------- d-----w- c:\windows\ERUNT
2013-06-23 03:01 . 2013-06-23 03:42 -------- d-----w- C:\JRT
2013-06-21 20:55 . 2013-06-21 20:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 20:55 . 2013-06-21 20:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-21 20:55 . 2013-06-21 20:55 -------- d-----w- c:\windows\system32\Macromed
2013-06-20 23:29 . 2009-08-12 14:20 65603 ----a-w- c:\windows\SysWow64\hcwIRblast.dll
2013-06-20 23:29 . 2008-01-22 00:52 299008 ----a-w- c:\windows\SysWow64\hcwzblast.dll
2013-06-20 23:29 . 2009-08-12 14:20 94271 ----a-w- c:\windows\SysWow64\hcwblast.ocx
2013-06-20 23:29 . 2009-03-10 23:27 73792 ----a-w- c:\windows\SysWow64\ChSuite.ocx
2013-06-20 23:26 . 2009-08-11 09:11 1562368 ----a-w- c:\windows\system32\drivers\hcw89.sys
2013-06-20 23:26 . 2009-08-11 09:10 128512 ----a-w- c:\windows\system32\HcwPrx89.ax
2013-06-20 23:26 . 2009-06-25 16:13 4001088 ----a-w- c:\windows\system32\drivers\HcwWiltF103.bin
2013-06-20 23:26 . 2006-09-08 11:36 99328 ----a-w- c:\windows\system32\hcwCP.ax
2013-06-20 01:01 . 2013-06-20 01:01 -------- d-----w- c:\users\MLG\AppData\Roaming\PuzzleLab
2013-06-19 22:03 . 2013-06-19 22:03 -------- d-----w- c:\program files (x86)\Phenomenon 2 - Meteorite Collector's Edition
2013-06-19 22:01 . 2013-06-19 22:01 -------- d-----w- c:\windows\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 22:01 . 2013-06-19 22:01 -------- d-----w- c:\program files (x86)\Untold History - Descendant of the Sun Collector's Edition
2013-06-19 21:30 . 2013-06-19 21:30 -------- d-----w- c:\program files (x86)\Calibre2
2013-06-19 03:17 . 2013-06-19 03:17 -------- d-----w- c:\program files (x86)\MP3Gain
2013-06-19 01:51 . 2013-06-21 05:55 -------- d-----w- c:\users\MLG\AppData\Roaming\Mipony
2013-06-19 01:50 . 2013-06-19 05:10 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-06-19 01:50 . 2013-06-19 01:51 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-06-19 01:50 . 2013-06-19 01:50 -------- d-----w- c:\program files (x86)\MiPony
2013-06-19 01:41 . 2013-06-19 01:41 -------- d-----w- c:\users\MLG\AppData\Local\COMODO
2013-06-18 23:29 . 2013-06-18 23:29 -------- d-----w- c:\users\MLG\AppData\Local\VS Revo Group
2013-06-18 23:29 . 2013-06-18 23:29 -------- d-----w- c:\programdata\VS Revo Group
2013-06-13 18:56 . 2013-06-13 18:56 -------- d-----w- c:\program files\Microsoft
2013-06-13 03:39 . 2013-06-13 03:39 -------- d-----w- c:\users\MLG\AppData\Roaming\Eipix
2013-06-12 18:14 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-12 16:38 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-08 21:41 . 2013-06-08 21:41 -------- d-----w- c:\programdata\vsosdk
2013-06-05 22:04 . 2013-06-05 22:05 -------- d-----w- c:\users\MLG\AppData\Roaming\ImgBurn
2013-06-04 01:50 . 2013-06-04 01:50 -------- d-----w- c:\users\MLG\AppData\Local\Chronicles of Albian
2013-06-01 14:46 . 2013-06-02 16:28 -------- d-----w- c:\programdata\Kodak
2013-05-29 22:18 . 2013-05-29 22:18 -------- d-----w- c:\program files\WinRAR
2013-05-28 04:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-28 04:32 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-28 04:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-05-28 04:32 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-28 04:32 . 2013-05-28 04:32 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2013-05-28 04:30 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-28 04:30 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-28 04:30 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-28 04:30 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-28 04:30 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-28 04:30 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-28 04:30 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-28 04:29 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar64.dll
2013-05-28 04:29 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-05-28 04:28 . 2013-04-29 18:00 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-05-28 04:28 . 2013-05-28 04:29 -------- d-----w- c:\program files\K-Lite Codec Pack x64
2013-05-28 04:26 . 2013-05-28 04:26 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-28 04:26 . 2013-05-28 04:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-05-28 04:21 . 2013-05-28 04:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-05-28 04:02 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-05-28 04:01 . 2013-05-28 04:01 -------- d-----w- c:\users\MLG\AppData\Local\WindowsUpdate
2013-05-28 04:01 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-05-28 04:01 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:17 . 2013-05-23 22:58 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-25 01:39 . 2013-05-25 01:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-25 01:39 . 2013-05-25 01:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-25 01:39 . 2013-05-25 01:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-25 01:38 . 2013-05-25 01:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-23 23:03 . 2013-05-23 23:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-23 23:03 . 2013-05-23 23:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-23 23:03 . 2013-05-23 23:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-23 23:03 . 2013-05-23 23:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-23 23:03 . 2013-05-23 23:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-23 23:03 . 2013-05-23 23:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-23 23:03 . 2013-05-23 23:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-23 23:03 . 2013-05-23 23:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-23 23:03 . 2013-05-23 23:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-23 23:03 . 2013-05-23 23:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-23 23:03 . 2013-05-23 23:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-23 23:03 . 2013-05-23 23:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-23 23:03 . 2013-05-23 23:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-23 23:03 . 2013-05-23 23:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-23 23:03 . 2013-05-23 23:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-23 23:03 . 2013-05-23 23:03 441856 ----a-w- c:\windows\system32\html.iec
2013-05-23 23:03 . 2013-05-23 23:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-23 23:03 . 2013-05-23 23:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-23 23:03 . 2013-05-23 23:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-23 23:03 . 2013-05-23 23:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-23 23:03 . 2013-05-23 23:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-23 23:03 . 2013-05-23 23:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-23 23:03 . 2013-05-23 23:03 235008 ----a-w- c:\windows\system32\url.dll
2013-05-23 23:03 . 2013-05-23 23:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-23 23:03 . 2013-05-23 23:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-23 23:03 . 2013-05-23 23:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-23 23:03 . 2013-05-23 23:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-23 23:03 . 2013-05-23 23:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-23 23:03 . 2013-05-23 23:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-23 23:03 . 2013-05-23 23:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-23 23:03 . 2013-05-23 23:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-23 23:03 . 2013-05-23 23:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-23 23:03 . 2013-05-23 23:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-23 23:03 . 2013-05-23 23:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-23 23:03 . 2013-05-23 23:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-23 23:03 . 2013-05-23 23:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-23 23:03 . 2013-05-23 23:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-23 23:03 . 2013-05-23 23:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-23 23:03 . 2013-05-23 23:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-23 23:03 . 2013-05-23 23:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-23 23:03 . 2013-05-23 23:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-23 23:03 . 2013-05-23 23:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-23 23:03 . 2013-05-23 23:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-23 23:03 . 2013-05-23 23:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-23 23:03 . 2013-05-23 23:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-23 23:03 . 2013-05-23 23:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-23 23:03 . 2013-05-23 23:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-23 23:03 . 2013-05-23 23:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-23 23:03 . 2013-05-23 23:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-23 23:02 . 2013-05-23 23:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-23 23:02 . 2013-05-23 23:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-23 23:02 . 2013-05-23 23:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-23 23:02 . 2013-05-23 23:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-23 23:02 . 2013-05-23 23:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-23 23:02 . 2013-05-23 23:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-23 23:02 . 2013-05-23 23:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-23 23:02 . 2013-05-23 23:02 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-23 23:02 . 2013-05-23 23:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-23 23:02 . 2013-05-23 23:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-23 23:02 . 2013-05-23 23:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-23 23:02 . 2013-05-23 23:02 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-23 23:02 . 2013-05-23 23:02 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-23 23:02 . 2013-05-23 23:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-23 23:02 . 2013-05-23 23:02 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-23 23:02 . 2013-05-23 23:02 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-23 23:02 . 2013-05-23 23:02 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-23 23:02 . 2013-05-23 23:02 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-23 23:02 . 2013-05-23 23:02 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-23 23:02 . 2013-05-23 23:02 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-23 23:02 . 2013-05-23 23:02 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-23 23:02 . 2013-05-23 23:02 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-23 23:02 . 2013-05-23 23:02 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-23 23:02 . 2013-05-23 23:02 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-23 23:02 . 2013-05-23 23:02 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-23 23:02 . 2013-05-23 23:02 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-05-23 23:02 . 2013-05-23 23:02 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-23 23:02 . 2013-05-23 23:02 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-23 23:02 . 2013-05-23 23:02 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-23 23:02 . 2013-05-23 23:02 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-23 23:02 . 2013-05-23 23:02 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\MLG\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\MLG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe /QUIET [2013-6-20 117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/05/17 00:12;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [x]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [x]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe;c:\program files (x86)\Expat Shield\bin\hsswd.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys;c:\windows\SYSNATIVE\DRIVERS\hcw89.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 15:33]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 15:33]
.
2013-06-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 02:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Hauppauge WinTV Infrared Remote - c:\progra~2\WinTV\UNir32.EXE
AddRemove-{82D83B51-B74F-0EC6-BA3C-D2C9994C2EDD} - c:\progra~3\INSTAL~1\{272FE~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MiPony.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MiPony.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
Completion time: 2013-06-25  00:21:01
ComboFix-quarantined-files.txt  2013-06-25 04:21
.
Pre-Run: 1,768,937,959,424 bytes free
Post-Run: 1,768,763,322,368 bytes free
.
- - End Of File - - 9C4B692F3104577755A90F3DB4727CE0
D41D8CD98F00B204E9800998ECF8427E
 


Edited by choo, 24 June 2013 - 11:23 PM.


#15 Robybel



  • Malware Response Team

Posted 26 June 2013 - 12:03 AM

Good choo :)

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
ClearJavaCache
In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Next


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

On your next reply please post:
  • MBAM log
  • ESET Report
  • Let me know if you have any problems in performing with the steps above or any questions you may have.

    Good Day!

Edited by Robybel, 26 June 2013 - 12:04 AM.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach
