
search.conduit.com has hijacked my IE 10 Browser


  • This topic is locked
29 replies to this topic

#1 jsbeazley

  • Members
  • 14 posts

Posted 17 July 2013 - 10:18 PM

My son installed some BitTorrent software and IE has been hijacked. I have tried every solution to no avail. The software that had the hijacker has been removed, and many scans/fixes tried, but it is BACK!!! Please help me clean up this machine.

Thanks,

Scott.




#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 July 2013 - 11:51 PM

Hello Scott

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post them in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jsbeazley
  • Topic Starter

  • Members
  • 14 posts

Posted 18 July 2013 - 05:12 PM

Thanks, Gringo. Sorry for taking a while to reply. Here are the logs. I really appreciate your help!

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Scott at 17:01:41 on 2013-07-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1472 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Scott\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\FK_Monitor\freeklogger.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN39804339159516822&UM=2&UP=SPFCD00046-F58E-404F-B989-798B5D060B00
mStart Page = hxxps://news.google.com/nwshp?hl=en&tab=wn
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.4.0.40\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Google Update] "c:\users\scott\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\scott\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
uRun: [freeklogger.exe] c:\program files\fk_monitor\freeklogger.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Greenshot] c:\program files\greenshot\Greenshot.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [*ForceDelete] c:\users\scott\desktop\scans & cleaners\AdwCleaner.exe /forcedelete
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: RestrictRun = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: RestrictRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableStartupSound = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.libproxy.edmc.edu/lib/argosy/support/plugins/ebraryRdr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{3AD6ACFA-43E3-485E-82DF-CA7908E28B52} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{45F8D7D3-9AD9-40BC-A917-FB6CBE826534} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{53249585-5526-401A-AD95-39086E604AF3} : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{6784D273-4467-4FCC-9651-F7DA9EE66D06} : DHCPNameServer = 198.224.148.135 198.224.149.135
TCP: Interfaces\{85848788-24B5-4BEE-8C3F-08D472EF97EA} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{88C30E80-DC95-4129-95F9-AE88189BAA6E} : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{88C30E80-DC95-4129-95F9-AE88189BAA6E}\265616A7C6569786F6D656 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{88C30E80-DC95-4129-95F9-AE88189BAA6E}\D656469616C696E6B6 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{88C30E80-DC95-4129-95F9-AE88189BAA6E}\D656469616C696E6B6F5232403346303 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{99316F0D-6B72-4366-8596-ED19EEDC7628} : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{F288968C-F999-4F77-90C5-BC365BDF96EB} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-7-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-7-16 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-7-16 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130717.001\IDSvix86.sys [2013-7-17 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-18 223864]
R1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [2011-3-9 33568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-7-16 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1404000.028\symnets.sys [2013-7-16 339544]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-10-19 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-8-24 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-25 47640]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000w7.sys [2011-5-6 841504]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-2-21 299024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-13 275048]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-18 94584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-2-10 79360]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-27 25088]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\setup files\ms7309va60\NTIOLib.sys [2011-1-6 7680]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-18 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-18 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\svrtservice.exe --> c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-16 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-07-18 02:58:41 -------- d-----w- c:\windows\ERUNT
2013-07-18 02:35:23 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-17 20:23:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-17 20:07:40 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-07-16 17:54:46 388096 ----a-r- c:\users\scott\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-16 17:54:45 -------- d-----w- c:\program files\Trend Micro
2013-07-16 17:51:39 15616 ----a-w- c:\windows\system32\TrueSight.sys
2013-07-16 09:39:04 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-07-16 09:39:04 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-07-16 09:39:04 339544 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symnets.sys
2013-07-16 09:39:04 21400 ----a-r- c:\windows\system32\drivers\n360\1404000.028\symelam.sys
2013-07-16 09:39:03 32344 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtspx.sys
2013-07-16 09:39:02 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-07-16 09:39:02 175264 ----a-r- c:\windows\system32\drivers\n360\1404000.028\ironx86.sys
2013-07-16 09:39:01 134744 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys
2013-07-16 09:38:39 14818 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symvtcer.dat
2013-07-16 09:38:39 -------- d-----w- c:\windows\system32\drivers\n360\1404000.028
2013-07-16 02:10:55 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-07-16 02:09:16 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-15 17:19:06 319488 ----a-w- c:\windows\HideWin.exe
2013-07-13 15:31:58 -------- d-----w- c:\users\scott\appdata\local\949AF789-604A-4560-9D9E-0C9980D6118E.aplzod
2013-07-11 03:07:12 -------- d-----w- c:\program files\Loaris
2013-07-11 02:02:10 -------- d-----w- c:\program files\HitmanPro
2013-07-11 01:57:51 -------- d-----w- c:\programdata\HitmanPro
2013-07-10 22:09:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-09 16:45:44 -------- d-----w- c:\program files\CCleaner
2013-07-06 03:45:02 -------- d-----w- c:\users\scott\appdata\local\CRE
2013-07-05 17:41:07 -------- d-----w- c:\programdata\StarApp
2013-06-25 18:53:13 -------- d-----w- c:\users\scott\appdata\roaming\Greenshot
2013-06-25 18:53:13 -------- d-----w- c:\users\scott\appdata\local\Greenshot
2013-06-25 18:35:54 -------- d-----w- c:\program files\Greenshot
2013-06-25 17:11:30 -------- d-----w- c:\users\scott\appdata\roaming\CineGobs
.
==================== Find3M  ====================
.
2013-07-17 20:23:06 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-17 20:23:06 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-16 16:40:10 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-16 02:10:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-16 02:09:16 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-13 04:12:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-13 04:12:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:12:11 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 03:12:10 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 03:12:09 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-08 03:12:09 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-02 03:12:10 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST310005 rev.CC46 -> Harddisk1\DR1 -> \Device\00000096
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C01000]<< >>UNKNOWN [0x8BE53000]<< >>UNKNOWN [0x8BE42000]<< >>UNKNOWN [0x83395000]<< >>UNKNOWN [0x83013000]<< >>UNKNOWN [0x8B56D000]<< >>UNKNOWN [0x8B5B5000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82C3855A] -> \Device\Harddisk1\DR1[0x866B5030]
\Driver\Disk[0x866AD7E0] -> IRP_MJ_CREATE -> 0x8BE5739F
3 [0x8BE5759E] -> ntkrnlpa!IofCallDriver[0x82C3855A] -> [0x85F128D8]
\Driver\ACPI[0x85562700] -> IRP_MJ_CREATE -> 0x8339E4CC
5 [0x8339E3D4] -> ntkrnlpa!IofCallDriver[0x82C3855A] -> \Device\00000096[0x85F12C20]
\Driver\nvstor32[0x85F79938] -> IRP_MJ_CREATE -> 0x8B5A5B26
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:06:11.16 ===============

attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-01-12 17:19:57
System Uptime: 2013-07-17 22:00:02 (19 hours ago)
.
Motherboard: MSI |  | K9N6PGM2-V2 (MS-7309) 
Processor: AMD Phenom™ II X4 B93 Processor | CPU1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 241.697 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 228 GiB total, 109.636 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: SB Audigy
Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_100A1102&REV_00\4&1F7FA0A&0&5020
Manufacturer: Creative Technology Ltd.
Name: SB Audigy
PNP Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_100A1102&REV_00\4&1F7FA0A&0&5020
Service: P17
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: iPodDrv
Device ID: ROOT\LEGACY_IPODDRV\0000
Manufacturer:
Name: iPodDrv
PNP Device ID: ROOT\LEGACY_IPODDRV\0000
Service: iPodDrv
.
==== System Restore Points ===================
.
RP953: 2013-06-17 00:00:03 - Scheduled Checkpoint
RP954: 2013-06-24 05:42:34 - Scheduled Checkpoint
RP955: 2013-07-01 22:54:33 - Installed Java 7 Update 25
RP957: 2013-07-07 14:48:37 - Revo Uninstaller's restore point - µTorrent
RP959: 2013-07-07 14:52:11 - Revo Uninstaller's restore point - Google Chrome
RP961: 2013-07-07 14:54:21 - Revo Uninstaller's restore point - Search Protect by conduit
RP963: 2013-07-07 14:55:48 - Revo Uninstaller's restore point - uTorrentControl_v6 Toolbar
RP965: 2013-07-08 11:14:34 - Revo Uninstaller's restore point - Google SketchUp 8
RP966: 2013-07-08 11:15:02 - Removed Google SketchUp 8
RP968: 2013-07-08 13:35:42 - Revo Uninstaller's restore point - PC Cleaners
RP969: 2013-07-10 09:56:08 - Restore Operation
RP970: 2013-07-10 09:56:28 - Restore Operation
RP971: 2013-07-10 18:02:55 - Installed Microsoft Fix it 50267
RP973: 2013-07-10 18:38:10 - Revo Uninstaller's restore point - CineGobs Keyer 2.3.0.123
RP975: 2013-07-10 21:26:41 - Revo Uninstaller's restore point - uTorrentControl_v6 Toolbar
RP977: 2013-07-10 21:28:13 - Revo Uninstaller's restore point - Search Protect by conduit
RP979: 2013-07-15 12:19:25 - Installed Realtek AC'97 Audio
RP980: 2013-07-15 21:06:15 - Windows Modules Installer
RP981: 2013-07-16 12:54:15 - Installed HiJackThis
RP982: 2013-07-17 15:20:19 - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Adobe Shockwave Player 12.0
Amazon Kindle
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Audacity 2.0
Auslogics Registry Cleaner
Auslogics Registry Defrag
Bonjour
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco Connect
Connect by Quickoffice
Contents
Corel VideoStudio Pro X5
Coupon Printer for Windows
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
D3DX10
Dragon NaturallySpeaking 11
Dropbox
DualCoreCenter
eReg
Finale NotePad 2012
Free_Key_logger
Google Calendar Sync
Google Earth
Google SketchUp 8
Google Update Helper
Greenshot 1.1.4.2622
HiJackThis
HitmanPro 3.7
Hoyle Friday Night Poker
HSF2014 56K Data Fax Modem
ICA
iCloud
iPhone Backup Extractor
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Linksys Wireless-G PCI Adapter
Logitech SetPoint 6.20
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Manilla
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSRedist
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
Music Manager
NoMoreDupes for Outlook
Norton Bootable Recovery Tool Wizard
Norton Security Suite
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 306.23
NVIDIA Control Panel 306.23
NVIDIA Graphics Driver 306.23
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Outlook Recovery Wizard
Prism Video File Converter
QuickTime
Realtek AC'97 Audio
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Seagate DiscWizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SereneScreen Marine Aquarium 3
Setup
Share
Skype Toolbars
Skype™ 6.3
SmartSound Common Data
SmartSound Quicktracks 5
SpongeBob SquarePants Typing
SUPERAntiSpyware
swMSM
TaxCut Minnesota 2008
TaxCut Premium + State + Efile 2008
thinkorswim from TD AMERITRADE
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmniper
TurboTax 2009 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmniper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmniper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Movie Studio HD 11.0
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
VSClassic
VSHelp
VSPro
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinGeno
Write-N-Cite
Xvid 1.2.1 final uninstall
.
==== End Of File ===========================

#4 gringo_pr

Posted 18 July 2013 - 07:28 PM



Hello jsbeazley

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jsbeazley

Posted 19 July 2013 - 09:31 AM

Hi Gringo - here are the logs:

AdwCleaner:

# AdwCleaner v2.305 - Logfile created 07/19/2013 at 09:11:39
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Scott - SCOTT-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Desktop\Scans & Cleaners\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN39804339159516822&UM=2&UP=SPFCD00046-F58E-404F-B989-798B5D060B00 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [3647 octets] - [10/07/2013 20:48:41]
AdwCleaner[R2].txt - [2132 octets] - [17/07/2013 21:34:28]
AdwCleaner[R3].txt - [1133 octets] - [17/07/2013 22:22:10]
AdwCleaner[R4].txt - [1252 octets] - [19/07/2013 09:10:51]
AdwCleaner[S1].txt - [3825 octets] - [10/07/2013 20:49:22]
AdwCleaner[S2].txt - [2260 octets] - [17/07/2013 21:35:19]
AdwCleaner[S3].txt - [335 octets] - [17/07/2013 22:22:41]
AdwCleaner[S4].txt - [1226 octets] - [19/07/2013 09:11:39]

########## EOF - C:\AdwCleaner[S4].txt - [1286 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Professional x86
Ran by Scott on 2013-07-19 at  9:22:01.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2369345896-3366982642-4062679620-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-07-19 at  9:25:28.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just a note - when I opened my browser to post these, the hijack was still happening.

thanks,

Scott.



#6 gringo_pr

Posted 19 July 2013 - 11:11 AM


Hello jsbeazley

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 jsbeazley

Posted 19 July 2013 - 12:30 PM

Gringo,

Here is the Combofix log:

ComboFix 13-07-18.04 - Scott 2013-07-19  12:09:52.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1797 [GMT -5:00]
Running from: c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHPHUH20\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Scott\AppData\Local\assembly\tmp
c:\users\Scott\AppData\Roaming\poclbm
c:\users\Scott\AppData\Roaming\poclbm\poclbm.ini
c:\windows\msvcr71.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Scott\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\UpdatusUser.Scott-PC\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Mcx1-SCOTT-PC\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Hannah.Scott-PC\AppData\Local\temp
2013-07-19 17:24 . 2013-07-19 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-18 02:58 . 2013-07-18 02:58 -------- d-----w- c:\windows\ERUNT
2013-07-18 02:35 . 2013-07-19 14:11 196 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-17 20:23 . 2013-07-17 20:23 -------- d-----w- c:\program files\Common Files\Java
2013-07-17 20:23 . 2013-07-17 20:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-17 20:07 . 2012-08-09 01:50 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-07-16 17:54 . 2013-07-16 17:54 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-16 17:54 . 2013-07-16 17:54 -------- d-----w- c:\program files\Trend Micro
2013-07-16 17:51 . 2013-07-16 17:51 15616 ----a-w- c:\windows\system32\TrueSight.sys
2013-07-16 09:38 . 2013-07-17 20:05 -------- d-----w- c:\windows\system32\drivers\N360\1404000.028
2013-07-16 02:10 . 2013-07-16 02:10 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-07-16 02:09 . 2013-07-16 02:09 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-15 17:19 . 2013-07-15 17:19 319488 ----a-w- c:\windows\HideWin.exe
2013-07-13 15:31 . 2013-07-19 17:03 -------- d-----w- c:\users\Scott\AppData\Local\949AF789-604A-4560-9D9E-0C9980D6118E.aplzod
2013-07-11 03:07 . 2013-07-11 03:07 -------- d-----w- c:\program files\Loaris
2013-07-11 02:02 . 2013-07-11 02:02 -------- d-----w- c:\program files\HitmanPro
2013-07-11 01:57 . 2013-07-11 02:16 -------- d-----w- c:\programdata\HitmanPro
2013-07-10 22:09 . 2013-07-10 22:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-09 16:45 . 2013-07-10 15:07 -------- d-----w- c:\program files\CCleaner
2013-07-06 03:45 . 2013-07-06 03:45 -------- d-----w- c:\users\Scott\AppData\Local\CRE
2013-07-05 17:41 . 2013-07-05 17:41 -------- d-----w- c:\programdata\StarApp
2013-07-02 03:52 . 2013-07-02 03:52 -------- d-----w- c:\program files\Common Files\Skype
2013-06-25 18:53 . 2013-07-10 15:08 -------- d-----w- c:\users\Scott\AppData\Roaming\Greenshot
2013-06-25 18:53 . 2013-06-25 18:53 -------- d-----w- c:\users\Scott\AppData\Local\Greenshot
2013-06-25 18:35 . 2013-06-25 18:35 -------- d-----w- c:\program files\Greenshot
2013-06-25 17:11 . 2013-06-25 17:11 -------- d-----w- c:\users\Scott\AppData\Roaming\CineGobs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 20:23 . 2012-08-07 20:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-17 20:23 . 2010-05-06 18:43 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-16 16:40 . 2011-06-05 17:54 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-13 04:12 . 2012-04-09 21:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-13 04:12 . 2011-11-06 17:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:12 . 2012-10-25 15:05 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 03:12 . 2012-10-25 15:05 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 03:12 . 2012-10-25 15:05 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 03:12 . 2012-10-25 15:05 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-02 03:12 . 2012-10-25 15:05 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak
2013-05-14 20:54 . 2012-07-01 02:50 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-20 18:04 220624 ----a-w- c:\users\Scott\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-20 18:04 220624 ----a-w- c:\users\Scott\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-20 18:04 220624 ----a-w- c:\users\Scott\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ConnectIconOverlay]
@="{DBD570EA-A7A5-46AA-A7DA-E5E807467F34}"
[HKEY_CLASSES_ROOT\CLSID\{DBD570EA-A7A5-46AA-A7DA-E5E807467F34}]
2012-03-25 23:51 450048 ----a-w- c:\program files\Connect by Quickoffice\ContextmenuShlExt_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ConnectIconOverlay2]
@="{DBD570EA-A7A5-46AA-A7DA-E5E807467F35}"
[HKEY_CLASSES_ROOT\CLSID\{DBD570EA-A7A5-46AA-A7DA-E5E807467F35}]
2012-03-25 23:51 450048 ----a-w- c:\program files\Connect by Quickoffice\ContextmenuShlExt_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 22:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 4760816]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"MusicManager"="c:\users\Scott\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
"HijackThis startup scan"="c:\program files\Trend Micro\HiJackThis\HijackThis.exe" [2010-03-25 388096]
"freeklogger.exe"="c:\program files\FK_Monitor\freeklogger.exe" [2012-07-13 794624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-10-10 63048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-05-08 499712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-10 79360]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-27 25088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files\MSI\Super-Charger\NTIOLib.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\Setup Files\Ms7309vA60\NTIOLib.sys [2011-01-06 7680]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 72312]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-07-02 1002072]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130718.001\IDSvix86.sys [2013-07-09 386720]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 223864]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2011-03-09 33568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\Ironx86.SYS [2012-07-28 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-09-07 116608]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-08 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-02 13624]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-17 431456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-03-23 841504]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 299024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 106656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 04:12]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 20:48]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 20:48]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2369345896-3366982642-4062679620-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30 16:57]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2369345896-3366982642-4062679620-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN39804339159516822&UM=2&UP=SPFCD00046-F58E-404F-B989-798B5D060B00
mStart Page = https://news.google.com/nwshp?hl=en&tab=wn
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-90703917.sys
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2013-07-19  12:27:17
ComboFix-quarantined-files.txt  2013-07-19 17:27
.
Pre-Run: 261,186,146,304 bytes free
Post-Run: 261,101,785,088 bytes free
.
- - End Of File - - 0EB18699171CE00F444A4ABE63C95211
A36C5E4F47E84449FF07ED3517B43A31
 

 

Browser still hijacked....



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:11 PM

Posted 19 July 2013 - 12:59 PM


Hello jsbeazley

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made by TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jsbeazley

jsbeazley
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:11 PM

Posted 19 July 2013 - 01:50 PM

Hi Gringo,

Here is the TDSSKiller log (attachment)



#10 jsbeazley

jsbeazley
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:11 PM

Posted 19 July 2013 - 01:51 PM

and RogueKiller (both files, as the filenames were not (1) and (2)):

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Scott [Admin rights]
Mode : Remove -- Date : 07/19/2013 13:36:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF7CA9 -> HOOKED (Unknown @ 0x88DF8810)
[Address] SSDT[14] : NtAlertThread @ 0x82E4ABC0 -> HOOKED (Unknown @ 0x88DF88F0)
[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E43BCC -> HOOKED (Unknown @ 0x88DFA448)
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8F44E -> HOOKED (Unknown @ 0x8705EBE8)
[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E18FCA -> HOOKED (Unknown @ 0x88DFBC40)
[Address] SSDT[74] : NtCreateMutant @ 0x82E2A28E -> HOOKED (Unknown @ 0x88DF8560)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E1B8ED -> HOOKED (Unknown @ 0x88DFB960)
[Address] SSDT[87] : NtCreateThread @ 0x82EF5ED6 -> HOOKED (Unknown @ 0x88DFA890)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82E8A34B -> HOOKED (Unknown @ 0x88DFBA50)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC7DB0 -> HOOKED (Unknown @ 0x88DFBD20)
[Address] SSDT[111] : NtDuplicateObject @ 0x82E4B65A -> HOOKED (Unknown @ 0x88DFA5D8)
[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CD347A -> HOOKED (Unknown @ 0x88DF8FC0)
[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E0F8BC -> HOOKED (Unknown @ 0x88DF8650)
[Address] SSDT[147] : NtImpersonateThread @ 0x82E9384C -> HOOKED (Unknown @ 0x88DF8730)
[Address] SSDT[155] : NtLoadDriver @ 0x82DDFBFC -> HOOKED (Unknown @ 0x8706D780)
[Address] SSDT[168] : NtMapViewOfSection @ 0x82E60512 -> HOOKED (Unknown @ 0x88DF8EE0)
[Address] SSDT[177] : NtOpenEvent @ 0x82E29C8A -> HOOKED (Unknown @ 0x88DF8480)
[Address] SSDT[190] : NtOpenProcess @ 0x82E2BAD4 -> HOOKED (Unknown @ 0x88DFA778)
[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7E21F -> HOOKED (Unknown @ 0x88DFA518)
[Address] SSDT[194] : NtOpenSection @ 0x82E8389B -> HOOKED (Unknown @ 0x88DFBF48)
[Address] SSDT[198] : NtOpenThread @ 0x82E77F95 -> HOOKED (Unknown @ 0x88DFA6A8)
[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E5C581 -> HOOKED (Unknown @ 0x88DFBB50)
[Address] SSDT[304] : NtResumeThread @ 0x82E8A572 -> HOOKED (Unknown @ 0x88DF89D0)
[Address] SSDT[316] : NtSetContextThread @ 0x82EF7755 -> HOOKED (Unknown @ 0x88DF8C70)
[Address] SSDT[333] : NtSetInformationProcess @ 0x82E5276D -> HOOKED (Unknown @ 0x88DF8D50)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6826C -> HOOKED (Unknown @ 0x88DFBE00)
[Address] SSDT[366] : NtSuspendProcess @ 0x82EF7BE3 -> HOOKED (Unknown @ 0x88DFB008)
[Address] SSDT[367] : NtSuspendThread @ 0x82EAF085 -> HOOKED (Unknown @ 0x88DF8AB0)
[Address] SSDT[370] : NtTerminateProcess @ 0x82E74BCD -> HOOKED (Unknown @ 0x88DE97D8)
[Address] SSDT[371] : unknown @ 0x82E92584 -> HOOKED (Unknown @ 0x88DF8B90)
[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E7E85A -> HOOKED (Unknown @ 0x88DF8E20)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E7992A -> HOOKED (Unknown @ 0x88DFA330)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x88E0E740)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8890A6B0)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88DF52C0)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88DF75A0)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8890A770)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88DFA9C0)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88DF6368)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x88DFAA90)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x88E0E5B8)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88E0E640)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT72252 5DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 3ee1c1316625323ee268b53ba453c297
[BSP] 2a74de07b0f1484f22137f000201a12f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 233938 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 479106495 | Size: 4533 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: HDT72252 5DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 4dd3b1f7e4b704910d0d9e093532feb5
[BSP] fc9360bdaf6e596636c8e74ff1609446 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 935739 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1916393850 | Size: 18128 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07192013_133629.txt >>
RKreport[0]_S_07192013_133612.txt

 

 

NEXT:

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Scott [Admin rights]
Mode : Scan -- Date : 07/19/2013 13:36:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF7CA9 -> HOOKED (Unknown @ 0x88DF8810)
[Address] SSDT[14] : NtAlertThread @ 0x82E4ABC0 -> HOOKED (Unknown @ 0x88DF88F0)
[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E43BCC -> HOOKED (Unknown @ 0x88DFA448)
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8F44E -> HOOKED (Unknown @ 0x8705EBE8)
[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E18FCA -> HOOKED (Unknown @ 0x88DFBC40)
[Address] SSDT[74] : NtCreateMutant @ 0x82E2A28E -> HOOKED (Unknown @ 0x88DF8560)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E1B8ED -> HOOKED (Unknown @ 0x88DFB960)
[Address] SSDT[87] : NtCreateThread @ 0x82EF5ED6 -> HOOKED (Unknown @ 0x88DFA890)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82E8A34B -> HOOKED (Unknown @ 0x88DFBA50)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC7DB0 -> HOOKED (Unknown @ 0x88DFBD20)
[Address] SSDT[111] : NtDuplicateObject @ 0x82E4B65A -> HOOKED (Unknown @ 0x88DFA5D8)
[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CD347A -> HOOKED (Unknown @ 0x88DF8FC0)
[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E0F8BC -> HOOKED (Unknown @ 0x88DF8650)
[Address] SSDT[147] : NtImpersonateThread @ 0x82E9384C -> HOOKED (Unknown @ 0x88DF8730)
[Address] SSDT[155] : NtLoadDriver @ 0x82DDFBFC -> HOOKED (Unknown @ 0x8706D780)
[Address] SSDT[168] : NtMapViewOfSection @ 0x82E60512 -> HOOKED (Unknown @ 0x88DF8EE0)
[Address] SSDT[177] : NtOpenEvent @ 0x82E29C8A -> HOOKED (Unknown @ 0x88DF8480)
[Address] SSDT[190] : NtOpenProcess @ 0x82E2BAD4 -> HOOKED (Unknown @ 0x88DFA778)
[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7E21F -> HOOKED (Unknown @ 0x88DFA518)
[Address] SSDT[194] : NtOpenSection @ 0x82E8389B -> HOOKED (Unknown @ 0x88DFBF48)
[Address] SSDT[198] : NtOpenThread @ 0x82E77F95 -> HOOKED (Unknown @ 0x88DFA6A8)
[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E5C581 -> HOOKED (Unknown @ 0x88DFBB50)
[Address] SSDT[304] : NtResumeThread @ 0x82E8A572 -> HOOKED (Unknown @ 0x88DF89D0)
[Address] SSDT[316] : NtSetContextThread @ 0x82EF7755 -> HOOKED (Unknown @ 0x88DF8C70)
[Address] SSDT[333] : NtSetInformationProcess @ 0x82E5276D -> HOOKED (Unknown @ 0x88DF8D50)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6826C -> HOOKED (Unknown @ 0x88DFBE00)
[Address] SSDT[366] : NtSuspendProcess @ 0x82EF7BE3 -> HOOKED (Unknown @ 0x88DFB008)
[Address] SSDT[367] : NtSuspendThread @ 0x82EAF085 -> HOOKED (Unknown @ 0x88DF8AB0)
[Address] SSDT[370] : NtTerminateProcess @ 0x82E74BCD -> HOOKED (Unknown @ 0x88DE97D8)
[Address] SSDT[371] : unknown @ 0x82E92584 -> HOOKED (Unknown @ 0x88DF8B90)
[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E7E85A -> HOOKED (Unknown @ 0x88DF8E20)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E7992A -> HOOKED (Unknown @ 0x88DFA330)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x88E0E740)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8890A6B0)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88DF52C0)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88DF75A0)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8890A770)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88DFA9C0)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88DF6368)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x88DFAA90)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x88E0E5B8)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88E0E640)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT72252 5DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 3ee1c1316625323ee268b53ba453c297
[BSP] 2a74de07b0f1484f22137f000201a12f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 233938 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 479106495 | Size: 4533 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: HDT72252 5DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 4dd3b1f7e4b704910d0d9e093532feb5
[BSP] fc9360bdaf6e596636c8e74ff1609446 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 935739 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1916393850 | Size: 18128 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07192013_133612.txt >>

 

 

Browser still hijacked...

Scott.



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:11 PM

Posted 20 July 2013 - 05:49 AM



Hello Scott

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here.
    • Extra.txt <-- Will be minimized; save this one on your Desktop in case I ask for it later.
  • Please post the contents of OTL.txt in your next reply.
Gringo

#12 jsbeazley

jsbeazley
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:11 PM

Posted 20 July 2013 - 09:41 AM

Hi Gringo:

Here are the OTL logs:

OTL logfile created on: 2013-07-20 09:06:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop\Scans & Cleaners
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.10% Memory free
6.01 Gb Paging File | 4.55 Gb Available in Paging File | 75.71% Paging File free
Paging file location(s): c:\pagefile.sys 3083 4606 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 913.81 Gb Total Space | 241.74 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 228.46 Gb Total Space | 109.64 Gb Free Space | 47.99% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Scott\Desktop\Scans & Cleaners\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Greenshot\Greenshot.exe (Greenshot)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\53a781dbfe9467ce1127ded5fd6a8e3c\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GreenshotPlugin\4f5fa322dc819946473e216afddbc5cf\GreenshotPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Greenshot\8ed70243c2d26faf679fbc44d77fb8fb\Greenshot.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\51fe07d5205cd85d996af305a38b3770\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\a742a8349d819f1b6fdddab4e7501c65\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (SophosVirusRemovalTool) -- C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NTIOLib_1_0_3) -- C:\Program Files\MSI\Super-Charger\NTIOLib.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (iPodDrv) -- C:\Windows\system32\drivers\iPodDrv.sys File not found
DRV - (cpuz132) -- C:\Users\Scott\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\Scott\AppData\Local\Temp\catchme.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130719.020\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130719.020\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (GFI Software)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
DRV - (sbwtis) -- C:\Windows\System32\drivers\sbwtis.sys (GFI Software)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (GFI Software)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (GFI Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SCT_SKMScan) -- C:\Windows\System32\drivers\sct_skmscan.sys (Sophos Plc)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)
DRV - (NTIOLib_1_0_6) -- C:\Program Files\Setup Files\Ms7309vA60\NTIOLib.sys (MSI)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (rt61x86) -- C:\Windows\System32\drivers\WMP54Gv41x86.sys (Ralink Technology, Corp.)
DRV - (AE1000) -- C:\Windows\System32\drivers\ae1000w7.sys (Ralink Technology Corp.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/nwshp?hl=en&tab=wn
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN39804339159516822&UM=2&UP=SPFCD00046-F58E-404F-B989-798B5D060B00
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\..\SearchScopes,DefaultScope = {46A1EF76-9881-4396-9A99-E653F2203096}
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\..\SearchScopes\{46A1EF76-9881-4396-9A99-E653F2203096}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013-07-20 03:59:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013-07-10 10:07:27 | 000,000,000 | ---D | M]
 
[2013-07-05 22:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\extensions
[2013-07-10 10:07:14 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
 
O1 HOSTS File: ([2013-07-19 12:24:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [freeklogger.exe] C:\Program Files\FK_Monitor\freeklogger.exe ()
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [MusicManager] C:\Users\Scott\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [freeklogger.exe] C:\Program Files\FK_Monitor\freeklogger.exe ()
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [MusicManager] C:\Users\Scott\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.libproxy.edmc.edu/lib/argosy/support/plugins/ebraryRdr.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD6ACFA-43E3-485E-82DF-CA7908E28B52}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45F8D7D3-9AD9-40BC-A917-FB6CBE826534}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53249585-5526-401A-AD95-39086E604AF3}: DhcpNameServer = 68.87.77.134 68.87.72.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6784D273-4467-4FCC-9651-F7DA9EE66D06}: DhcpNameServer = 198.224.148.135 198.224.149.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85848788-24B5-4BEE-8C3F-08D472EF97EA}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A24B3A-4F8C-46E5-83A1-D32C0461DD86}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C30E80-DC95-4129-95F9-AE88189BAA6E}: DhcpNameServer = 68.87.77.134 68.87.72.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316F0D-6B72-4366-8596-ED19EEDC7628}: DhcpNameServer = 68.87.77.134 68.87.72.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F288968C-F999-4F77-90C5-BC365BDF96EB}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-07-20 03:35:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013-07-20 03:35:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013-07-20 03:13:20 | 002,557,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013-07-19 18:46:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013-07-19 18:46:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013-07-19 18:46:05 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-07-19 18:45:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013-07-19 18:45:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013-07-19 18:45:45 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013-07-19 18:45:45 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013-07-19 18:45:41 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013-07-19 18:45:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013-07-19 18:45:34 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-07-19 18:45:34 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013-07-19 18:45:27 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-07-19 18:45:25 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-07-19 18:45:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013-07-19 18:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013-07-19 18:45:12 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013-07-19 18:45:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013-07-19 18:45:08 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013-07-19 18:45:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013-07-19 18:44:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013-07-19 18:44:41 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013-07-19 18:44:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013-07-19 18:44:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013-07-19 18:44:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013-07-19 18:44:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013-07-19 18:44:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013-07-19 18:42:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013-07-19 18:42:34 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013-07-19 12:27:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-07-19 12:27:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-07-19 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
[2013-07-19 12:05:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-07-19 12:05:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-07-19 12:05:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-07-19 11:50:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-07-19 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Beeping
[2013-07-17 21:58:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-07-17 15:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-07-17 15:23:25 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-17 15:23:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-17 15:23:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-17 15:23:13 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-17 15:07:40 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013-07-16 12:54:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013-07-16 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013-07-15 21:11:30 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-07-15 21:11:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-07-15 21:11:30 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-07-15 21:11:30 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-07-15 21:11:30 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-07-15 21:11:30 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-07-15 21:11:30 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-07-15 21:11:30 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-07-15 21:11:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-07-15 21:11:30 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-07-15 21:11:30 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-07-15 21:11:30 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-07-15 21:11:30 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-07-15 21:11:30 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-07-15 21:11:30 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-07-15 21:11:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-07-15 21:11:30 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-07-15 21:11:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-07-15 21:11:30 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-07-15 21:11:30 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-07-15 21:11:30 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-07-15 21:11:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-07-15 21:11:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-07-15 21:11:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-07-15 21:11:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-07-15 21:11:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-07-15 21:11:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-07-15 21:11:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-07-15 21:11:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-07-15 21:11:30 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-07-15 21:11:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-07-15 21:11:30 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-07-15 21:11:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-07-15 21:11:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-07-15 21:11:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-07-15 21:11:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-07-15 21:10:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013-07-15 21:09:16 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-07-15 21:09:16 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-07-15 21:09:16 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-07-15 21:09:16 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-07-15 21:09:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-07-15 21:09:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-07-15 21:09:16 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-07-15 21:09:16 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-07-15 21:09:16 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-07-15 21:09:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-07-15 21:09:16 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-07-15 21:09:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-07-15 21:09:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-07-15 21:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-07-15 21:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-07-15 21:09:15 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-07-15 21:09:15 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-07-15 21:09:15 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-07-15 21:09:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-07-15 21:09:15 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-07-15 12:19:06 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013-07-13 10:31:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\949AF789-604A-4560-9D9E-0C9980D6118E.aplzod
[2013-07-10 22:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2013-07-10 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013-07-10 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013-07-10 20:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013-07-10 17:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013-07-09 11:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-07-09 11:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-07-05 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\CRE
[2013-07-05 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2013-07-05 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013-07-01 22:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-07-01 22:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-06-25 13:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013-06-25 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Greenshot
[2013-06-25 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Greenshot
[2013-06-25 13:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[2013-06-25 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot
[2013-06-25 13:35:04 | 001,290,120 | ---- | C] (Greenshot                                                   ) -- C:\Users\Scott\Desktop\Greenshot-INSTALLER-1-1-4-2622.exe
[2013-06-25 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Vegas Movie Studio HD 11.0 Projects
[2013-06-25 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013-06-25 12:11:30 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\CineGobs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-07-20 09:09:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2369345896-3366982642-4062679620-1000UA.job
[2013-07-20 07:42:04 | 000,001,143 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013-07-20 04:06:50 | 000,020,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-07-20 04:06:50 | 000,020,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-07-20 03:56:04 | 000,468,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-07-20 03:55:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-07-20 03:55:21 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013-07-20 03:55:13 | 001,779,165 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013-07-20 03:36:51 | 000,663,184 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-07-20 03:36:51 | 000,122,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-07-19 13:09:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2369345896-3366982642-4062679620-1000Core.job
[2013-07-19 13:05:04 | 000,000,882 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013-07-19 12:24:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-07-19 11:48:04 | 000,594,634 | ---- | M] () -- C:\Users\Scott\Desktop\AU_IRB_Handbook_Sept_2012 with additions..pdf
[2013-07-19 09:11:54 | 000,000,196 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013-07-18 09:04:31 | 000,330,771 | ---- | M] () -- C:\Users\Scott\Desktop\Riverland_CC.pdf
[2013-07-18 08:52:38 | 000,191,552 | ---- | M] () -- C:\Users\Scott\Desktop\Austin 14AA.pdf
[2013-07-17 15:23:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-07-17 15:23:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-07-17 15:23:06 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-07-17 15:23:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-07-17 15:23:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-07-17 15:23:06 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-07-17 15:05:16 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021
[2013-07-16 12:54:46 | 000,002,963 | ---- | M] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
[2013-07-16 12:51:23 | 000,915,456 | ---- | M] () -- C:\Users\Scott\Desktop\RogueKiller.exe
[2013-07-16 11:40:10 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013-07-16 11:40:10 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013-07-16 11:40:10 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013-07-15 21:11:30 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-07-15 21:11:30 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-07-15 21:11:30 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-07-15 21:11:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-07-15 21:11:30 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-07-15 21:11:30 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-07-15 21:11:30 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-07-15 21:11:30 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-07-15 21:11:30 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-07-15 21:11:30 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-07-15 21:11:30 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-07-15 21:11:30 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-07-15 21:11:30 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-07-15 21:11:30 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-07-15 21:11:30 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-07-15 21:11:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-07-15 21:11:30 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-07-15 21:11:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-07-15 21:11:30 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-07-15 21:11:30 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-07-15 21:11:30 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-07-15 21:11:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-07-15 21:11:30 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-07-15 21:11:30 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-07-15 21:11:30 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-07-15 21:11:30 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-07-15 21:11:30 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-07-15 21:11:30 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-07-15 21:11:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-07-15 21:11:30 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-07-15 21:11:30 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-07-15 21:11:30 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-07-15 21:11:30 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-07-15 21:11:30 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-07-15 21:11:30 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-07-15 21:11:30 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-07-15 21:11:30 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-07-15 21:10:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013-07-15 21:09:16 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-07-15 21:09:16 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-07-15 21:09:16 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-07-15 21:09:16 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-07-15 21:09:16 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-07-15 21:09:16 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-07-15 21:09:16 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-07-15 21:09:16 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-07-15 21:09:16 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-07-15 21:09:16 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-07-15 21:09:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-07-15 21:09:16 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-07-15 21:09:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-07-15 21:09:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-07-15 21:09:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-07-15 21:09:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-07-15 21:09:16 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-07-15 21:09:15 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-07-15 21:09:15 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-07-15 21:09:15 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-07-15 21:09:15 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-07-15 12:26:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-07-15 12:19:06 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013-07-12 23:12:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-07-12 23:12:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-07-12 23:05:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-12 23:05:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-10 20:56:15 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-07-07 11:14:48 | 000,343,972 | ---- | M] () -- C:\Users\Scott\Desktop\Pro Custom 11.pdf
[2013-07-07 11:04:01 | 001,114,559 | ---- | M] () -- C:\Users\Scott\Desktop\Food processor instructions.pdf
[2013-07-06 16:45:42 | 000,080,523 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8406.JPG
[2013-07-06 12:38:14 | 004,421,219 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8400.JPG
[2013-07-06 12:24:10 | 000,146,802 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8384.JPG
[2013-07-06 12:23:51 | 000,100,412 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8402.JPG
[2013-07-06 12:23:32 | 000,272,056 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8395.JPG
[2013-07-06 12:23:10 | 000,185,471 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8408.JPG
[2013-07-06 12:22:47 | 000,269,852 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8396.JPG
[2013-07-06 12:22:26 | 000,133,531 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8407.JPG
[2013-07-06 12:22:07 | 000,168,297 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8397.JPG
[2013-07-06 12:21:18 | 000,154,971 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8398.JPG
[2013-07-06 12:20:48 | 008,772,683 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8405.JPG
[2013-07-06 12:19:55 | 000,113,392 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8399.JPG
[2013-07-06 12:19:39 | 000,212,279 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8404.JPG
[2013-07-06 12:19:08 | 000,171,236 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8403.JPG
[2013-07-06 12:18:51 | 000,098,735 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8401.JPG
[2013-07-06 12:18:31 | 000,201,516 | ---- | M] () -- C:\Users\Scott\Desktop\IMG_8394.JPG
[2013-07-04 02:34:28 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\isolate.ini
[2013-07-01 22:52:28 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-06-28 10:15:06 | 000,122,652 | ---- | M] () -- C:\Users\Scott\Desktop\State.pdf
[2013-06-27 16:29:18 | 000,052,872 | ---- | M] () -- C:\Users\Scott\Desktop\14AAbracketsMBT.pdf
[2013-06-27 15:13:26 | 000,000,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2013-06-25 13:35:06 | 001,290,120 | ---- | M] (Greenshot                                                   ) -- C:\Users\Scott\Desktop\Greenshot-INSTALLER-1-1-4-2622.exe
[2013-06-25 12:33:38 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Movie Studio HD 11.0.lnk
[2013-06-24 13:20:51 | 000,196,372 | ---- | M] () -- C:\Users\Scott\Desktop\waiver.pdf
[2013-06-21 13:44:22 | 002,909,901 | ---- | M] () -- C:\Users\Scott\Desktop\Blend.png
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-07-19 12:05:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-07-19 12:05:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-07-19 12:05:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-07-19 12:05:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-07-19 12:05:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-07-19 11:48:04 | 000,594,634 | ---- | C] () -- C:\Users\Scott\Desktop\AU_IRB_Handbook_Sept_2012 with additions..pdf
[2013-07-18 09:04:31 | 000,330,771 | ---- | C] () -- C:\Users\Scott\Desktop\Riverland_CC.pdf
[2013-07-18 08:52:38 | 000,191,552 | ---- | C] () -- C:\Users\Scott\Desktop\Austin 14AA.pdf
[2013-07-17 21:35:23 | 000,000,196 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013-07-16 12:54:46 | 000,002,963 | ---- | C] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
[2013-07-16 12:51:18 | 000,915,456 | ---- | C] () -- C:\Users\Scott\Desktop\RogueKiller.exe
[2013-07-15 21:11:30 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-07-07 11:14:48 | 000,343,972 | ---- | C] () -- C:\Users\Scott\Desktop\Pro Custom 11.pdf
[2013-07-07 11:04:01 | 001,114,559 | ---- | C] () -- C:\Users\Scott\Desktop\Food processor instructions.pdf
[2013-07-06 12:17:10 | 000,185,471 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8408.JPG
[2013-07-06 12:17:09 | 000,133,531 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8407.JPG
[2013-07-06 12:17:08 | 000,080,523 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8406.JPG
[2013-07-06 12:17:07 | 008,772,683 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8405.JPG
[2013-07-06 12:17:06 | 000,212,279 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8404.JPG
[2013-07-06 12:17:05 | 000,171,236 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8403.JPG
[2013-07-06 12:17:05 | 000,100,412 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8402.JPG
[2013-07-06 12:17:04 | 000,098,735 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8401.JPG
[2013-07-06 12:17:03 | 004,421,219 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8400.JPG
[2013-07-06 12:17:03 | 000,113,392 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8399.JPG
[2013-07-06 12:17:02 | 000,154,971 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8398.JPG
[2013-07-06 12:17:01 | 000,168,297 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8397.JPG
[2013-07-06 12:17:00 | 000,269,852 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8396.JPG
[2013-07-06 12:16:59 | 000,272,056 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8395.JPG
[2013-07-06 12:16:58 | 000,201,516 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8394.JPG
[2013-07-06 12:16:57 | 000,146,802 | ---- | C] () -- C:\Users\Scott\Desktop\IMG_8384.JPG
[2013-06-27 16:29:18 | 000,052,872 | ---- | C] () -- C:\Users\Scott\Desktop\14AAbracketsMBT.pdf
[2013-06-25 12:33:36 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Movie Studio HD 11.0.lnk
[2013-06-24 13:20:50 | 000,196,372 | ---- | C] () -- C:\Users\Scott\Desktop\waiver.pdf
[2013-06-21 13:43:57 | 002,909,901 | ---- | C] () -- C:\Users\Scott\Desktop\Blend.png
[2013-04-22 00:32:05 | 000,012,955 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Comma Separated Values (DOS).CAL
[2012-09-16 20:58:42 | 000,228,744 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012-08-04 18:25:58 | 000,139,506 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\VideoPad.dmp
[2012-07-19 20:32:42 | 000,006,297 | ---- | C] () -- C:\Users\Scott\AppData\Local\recently-used.xbel
[2012-07-16 17:38:36 | 000,003,475 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012-06-19 13:36:42 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012-06-19 13:35:51 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012-06-19 13:35:10 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012-06-19 13:35:10 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012-06-19 13:35:10 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012-06-19 13:35:10 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012-03-22 15:58:31 | 000,002,635 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\SAS7_000.DAT
[2012-03-06 15:30:38 | 000,009,894 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012-01-30 18:11:29 | 000,000,744 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011-12-06 20:23:02 | 000,138,056 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\PnkBstrK.sys
[2011-03-04 16:37:35 | 000,000,832 | ---- | C] () -- C:\Users\Scott\AppData\Local\RT2870_{88C30E80-DC95-4129-95F9-AE88189BAA6E}_sta
[2011-03-04 16:37:34 | 000,007,448 | ---- | C] () -- C:\Users\Scott\AppData\Local\RT2870_{88C30E80-DC95-4129-95F9-AE88189BAA6E}_prof
[2011-03-02 01:00:58 | 000,001,001 | ---- | C] () -- C:\Users\Scott\AppData\Local\RT2870_{88C30E80-DC95-4129-95F9-AE88189BAA6E}_wsc
[2011-01-11 23:23:31 | 000,023,310 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011-01-11 23:21:20 | 000,038,431 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010-07-21 17:02:15 | 000,006,144 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 08:00:51 | 000,007,614 | ---- | C] () -- C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
[2010-02-05 09:52:09 | 000,004,096 | ---- | C] () -- C:\Users\Scott\AppData\Local\keyfile3.drm
[2010-01-12 18:57:04 | 000,000,882 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008-04-14 08:39:22 | 000,025,088 | ---- | C] () -- C:\Users\Scott\Output1.spo
[2008-04-11 18:59:10 | 000,000,545 | ---- | C] () -- C:\Users\Scott\BDIfinal.sav
[2008-01-14 15:54:47 | 000,295,837 | ---- | C] () -- C:\Users\Scott\webchapter_01.pdf
[2007-10-22 15:30:57 | 000,121,621 | ---- | C] () -- C:\Users\Scott\Schoolmod.sav
[2007-10-22 14:10:31 | 000,000,505 | ---- | C] () -- C:\Users\Scott\ex3-4.sav
[2007-10-18 13:40:25 | 000,023,561 | ---- | C] () -- C:\Users\Scott\Salary.SAV
[2007-10-18 13:40:22 | 000,002,924 | ---- | C] () -- C:\Users\Scott\School.SAV
[2007-10-18 13:40:17 | 000,119,285 | ---- | C] () -- C:\Users\Scott\students.sav
[2007-10-18 13:40:13 | 000,015,136 | ---- | C] () -- C:\Users\Scott\Embarass.sav
[2007-10-18 13:40:09 | 000,010,497 | ---- | C] () -- C:\Users\Scott\Assess.SAV
[2007-10-18 13:40:03 | 000,006,236 | ---- | C] () -- C:\Users\Scott\Attach.SAV
[2007-10-18 13:39:23 | 000,000,888 | ---- | C] () -- C:\Users\Scott\Assert.SAV
[2007-10-09 12:59:28 | 000,000,094 | ---- | C] () -- C:\Users\Scott\options360.properties
[2007-08-21 10:42:43 | 000,002,176 | ---- | C] () -- C:\Users\Scott\ZbThumbnail.info
[2007-05-13 13:31:47 | 000,000,342 | ---- | C] () -- C:\Users\Scott\Settings.xml
 
========== ZeroAccess Check ==========
 
[2009-07-13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

"Extras"

OTL Extras logfile created on: 2013-07-20 09:06:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop\Scans & Cleaners
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.10% Memory free
6.01 Gb Paging File | 4.55 Gb Available in Paging File | 75.71% Paging File free
Paging file location(s): c:\pagefile.sys 3083 4606 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 913.81 Gb Total Space | 241.74 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 228.46 Gb Total Space | 109.64 Gb Free Space | 47.99% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2369345896-3366982642-4062679620-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{088C462D-D5B3-4CA8-842B-A6240D52129C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C4DB5F3-97D3-444A-85F1-6E57916D213F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1520092E-ABA8-4C8E-BA8D-8B2A3F14E3EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D2B0C57-1787-4876-831F-6D790D42019A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E5E7697-FCE9-4EC9-8DD5-7773F5A581AF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EEF6033-AE50-481C-A0EE-CCF465327B3C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41E4DAFA-6C40-4C12-B5FD-4E5FFDD1ADF4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{427A9431-BB35-4C4C-A0B8-4136CE6B1950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43A8C6D1-4F68-44C9-BC51-747DB4CFE93B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{43D22B56-4D9A-4E83-9DBF-4E182E2F7A3D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4B9587A2-47CC-416C-A6AB-44CDBCAC82CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51D90432-287A-4505-8A34-9880F14F5D22}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53B08330-A681-4A13-8F9D-FCDB794937C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{57BD733C-03DD-4A76-9C6E-0F564C3497DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59731923-5195-4E5F-AA93-172277A3D0EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BE1D4D1-0708-4849-ACE4-6895CC1303E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6025198A-6B28-43D4-976B-84DB62BB8A79}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{68329A47-35E1-48E0-ABAE-3D8411F1BFE4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76C025AA-74A9-403C-86D1-115222D3B3BA}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{78ECA0CE-858A-4DAE-837D-BC0B6B4427CB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D3B1203-BDA3-43F0-87A4-41342ED6B7B9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{84CE4A40-8ABC-45DD-AF5D-2F278C1F2942}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8581AC5E-A20E-4AD4-A550-0CFDCE1400E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{871363F9-99CD-4933-93BE-822425FEF901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8AEE2BAA-EF41-4F16-9F09-7702C2890B87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97901998-046E-4AA2-A56D-9BC763EA58B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{980EF760-C46A-4B25-AFD9-E41F3EEF8278}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2C9D1B1-3EA4-41EF-8185-92790F8A106E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A44240FC-087E-4E6F-B1F3-A369D7924991}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A5D5050A-7EF4-431B-9B8D-E18A9CA36E62}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACFB8AF8-711E-4341-9406-EE6EE15E9CC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1A0FEB5-A4C3-4AF8-AA29-1FB217167A56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4DECA9F-591D-4F5E-B7E4-0DF7EFC6A2EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6A5331A-7A5B-484D-8923-B0E781F6E296}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B884E443-9389-4B52-AC5A-8441BB53CCFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAA9B32C-7E62-4BC7-B68C-78D1FFCB50E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC5952B0-8DC3-4945-9E35-D91AF988727F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0761DC5-462A-4C22-B87E-6892B36B7EC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4546E0A-0730-479E-BCDA-12AAE56F1668}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D51B7FFF-63B3-42D7-A003-4ED0120E38D4}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{E21A487D-505B-4CEC-95F6-79E0CDD3A7CC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EA4104C1-429E-409B-9DDC-1481CF10BA7A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F79C65A2-C49E-4FFD-B03A-B1F077918777}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA55F557-EE2E-43E0-AF2C-812E36E0585A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FE004C5E-1BBF-4372-A98F-A6AE00175623}" = lport=3390 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C1C366A-9A78-41A0-AA65-A493B598ED9A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18629B0F-EF43-4C81-BE9C-A7E47CA224E4}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{20E1FFF1-9845-4BCE-AC3D-04152E0522D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{260A9F4C-01B8-4424-8F4F-CD28F9B3C9B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F1EE6BF-034C-4A22-B1A4-0FF68505C7AC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{32D0B3CE-4F11-4B19-8E9B-1534013516C1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{3CE7D4BB-9D78-450F-9286-EE21277DE64D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5FD69B8D-63B9-4059-AB48-B0CB1A0755AF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{668AA3F6-CD7C-41D0-BC78-2A00AFB811B3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69107BE1-6170-4D09-95EC-2414AB8D7F7E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6FD2EE49-43E3-4AAA-AE50-E58D32D99A30}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{70573E55-BD66-446A-A181-7FEC4AF195A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91DD531D-C3AD-4437-9336-CF9E7E5F427D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9AA2684A-07E5-4883-BD3C-F41BEA612154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D190B3D-AAED-404C-8822-54849DE4D53F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A593CEF5-FD28-4DFD-B51C-96268059DEA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AC1C911D-61F6-4F46-86E3-C07A370EACC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1DAD3CB-2CB9-47FD-A6C2-4BA6E69333C1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B271FA22-2374-436D-892B-8CD4A5401E9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5082FCC-2F21-4ABB-9986-2FBED38A6FB2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E90A2D5B-FC9C-43F4-BA03-2AF3FD675BBE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0B331DB-72C6-409A-AB95-7966C7A972C4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD4ADCA7-F65C-4B64-8644-925FE5102349}" = dir=in | app=c:\program files\itunes\itunes.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Pro X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39E2A400-EAA2-012B-AE04-000000000000}" = TurboTax 2009 wmniper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB655D4-07D7-45E3-B852-FF869EA628A1}" = VSPro
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5F29D5E7-8C01-4695-8A38-9F94BC3EAD40}" = TurboTax 2011 wmniper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{6DC79411-858B-11E1-8E7A-F04DA23A5C58}" = Vegas Movie Studio HD 11.0
"{6FF62766-1CB5-451D-A795-89C739E5F420}_is1" = NoMoreDupes for Outlook
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CB4200-858B-11E1-B14B-F04DA23A5C58}" = MSVCRT Redists
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F48A2B2-EBE8-4CAF-870E-77FBA83DC1F4}" = Connect by Quickoffice
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8950D4E9-FC75-4F3F-B414-33F53F9B346A}" = TaxCut Minnesota 2008
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}" = Hoyle Friday Night Poker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B14E295B-939D-4CE0-99CD-CB8C3B4FFF2E}" = TurboTax 2012 wmniper
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 2.0
"AudioCS" = Creative Audio Control Panel
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DualCoreCenter_is1" = DualCoreCenter
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Finale NotePad 2012" = Finale NotePad 2012
"Free_Key_logger" = Free_Key_logger
"Google Calendar Sync" = Google Calendar Sync
"Greenshot_is1" = Greenshot 1.1.4.2622
"HitmanPro37" = HitmanPro 3.7
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Manilla" = Manilla
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Outlook Recovery Wizard" = Outlook Recovery Wizard
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Prism" = Prism Video File Converter
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Revo Uninstaller" = Revo Uninstaller 1.94
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"sp6" = Logitech SetPoint 6.20
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"TurboTax 2009" = TurboTax 2009
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WFTK" = Canon Utilities WFT Utility
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGeno_is1" = WinGeno
"WinLiveSuite" = Windows Live Essentials
"Write-N-Cite" = Write-N-Cite
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2369345896-3366982642-4062679620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 2012-05-07 15:36:31 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 269327
 seconds with 10620 seconds of active time.  This session ended with a crash.
 
Error - 2012-06-02 22:31:06 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2012-06-07 11:52:10 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2012-07-06 13:17:53 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2012-08-09 22:24:34 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 121570
 seconds with 6240 seconds of active time.  This session ended with a crash.
 
Error - 2012-09-20 11:56:59 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 324185
 seconds with 6540 seconds of active time.  This session ended with a crash.
 
Error - 2012-09-20 12:25:57 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1730
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 2013-04-25 17:48:09 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99412
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 2013-05-07 18:29:57 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1366
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 2013-06-28 11:23:04 | Computer Name = Scott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 878
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-07-19 14:04:55 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error:   %%2
 
Error - 2013-07-19 14:05:22 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 2013-07-19 14:22:51 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error:   %%2
 
Error - 2013-07-19 14:23:18 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 2013-07-19 14:40:11 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error:   %%2
 
Error - 2013-07-19 14:40:31 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 2013-07-20 04:02:05 | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2013-07-20 04:56:29 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error:   %%2
 
Error - 2013-07-20 04:56:51 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 2013-07-20 04:57:30 | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 

Thank you for your continued efforts.

 

Scott.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:11 PM

Posted 20 July 2013 - 02:01 PM


Hello Scott.

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.libproxy.edmc.edu/lib/argosy/support/plugins/ebraryRdr.cab (Reg Error: Key error.)
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (Reg Error: Key error.)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN39804339159516822&UM=2&UP=SPFCD00046-F58E-404F-B989-798B5D060B00
    IE - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1000..\Run: [freeklogger.exe] C:\Program Files\FK_Monitor\freeklogger.exe ()
    O4 - HKU\S-1-5-21-2369345896-3366982642-4062679620-1017..\Run: [freeklogger.exe] C:\Program Files\FK_Monitor\freeklogger.exe ()
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:587EB586
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.


Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
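As an added post-fix check (not part of the thread and not OTL's own code), the following PowerShell reports whether the entries the OTL script above targets are still present after the fix has run. The registry paths, the freeklogger.exe name and the C:\ProgramData\TEMP streams are taken from the OTL log quoted in the thread; it assumes Windows PowerShell on the affected machine, run elevated so every loaded user hive under HKEY_USERS is visible.

```powershell
# Added post-fix verification script; it is not part of the thread or of OTL.
# Read-only: it only reports whether the items the OTL fix above targets still exist.
# Run from an elevated PowerShell so every loaded user hive under HKEY_USERS is visible.

$UserHives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }

function Find-ConduitStartPage {
    # IE "Main" values per user hive (the path the OTL log lists for the ...-1000 SID).
    foreach ($hive in $UserHives) {
        $main = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path -Path $main)) { continue }
        $props = Get-ItemProperty -Path $main
        foreach ($name in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
            if ($props.$name -and $props.$name -match 'conduit\.com') {
                [pscustomobject]@{ Hive = $hive.PSChildName; Value = $name; Data = $props.$name }
            }
        }
    }
}

function Find-KloggerRunEntry {
    # Per-user Run keys; the OTL log shows freeklogger.exe registered under two SIDs.
    foreach ($hive in $UserHives) {
        $run = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path -Path $run)) { continue }
        (Get-ItemProperty -Path $run).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match 'freeklogger|FK_Monitor' } |
            ForEach-Object { [pscustomobject]@{ Hive = $hive.PSChildName; Entry = $_.Name; Command = $_.Value } }
    }
}

function Find-TempStreams {
    # Alternate data streams on the C:\ProgramData\TEMP entry (the three the OTL log flags).
    # "dir /r" lists streams on directories as well as files; each stream prints as
    # "<size> TEMP:<name>:$DATA" on its own line under the C:\ProgramData listing.
    cmd.exe /c 'dir /r /a "C:\ProgramData"' 2>$null |
        Where-Object { $_ -match '^\s*[\d,]+\s+TEMP:[^:]+:\$DATA\s*$' }
}

$hits = @(Find-ConduitStartPage) + @(Find-KloggerRunEntry) + @(Find-TempStreams)
if ($hits.Count -eq 0) { 'No leftover conduit/FK_Monitor entries or TEMP streams found.' }
else { $hits | Format-List }
```

An empty result means the three items the fix targets are gone; any line it prints is worth pasting into the thread alongside the OTL report.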

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:11 PM

Posted 24 July 2013 - 01:20 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#15 jsbeazley

jsbeazley
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:11 PM

Posted 24 July 2013 - 01:41 AM

Gringo

My apologies. I had to travel to Canada due to the death of my father. I will not be home to work on this issue until next Tuesday. I will try to get my son to follow your instructions starting tomorrow.

Thanks

Scott



