[Closed] Possible infection/computer refused to startup

zuuzuu

My brother told me that his computer would not start up this morning. It's actually started up now so I'm not sure if it just came on eventually or he managed to set it back to a previous restore. I'd appreciate it if someone could please help me with this to confirm it's not an infection. He just got a new job that requires him to use his computer, so all of his personal information is here for any possible hacker to see if the computer is currently infected. He also wouldn't be able to get his job done if it's a virus causing the faulty load-ups. Thanks!

I'm going to follow the 4-step Preliminary Instructions. I will post them when they are completed.
 
Here is the MalwareBytes log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.20.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HP29169229266 [administrator]

1/4/1980 12:36:11 AM
mbam-log-1980-01-04 (00-36-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198782
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Administrator\Local Settings\Temp\gos439.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

(end)
 
Here is DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 0:48:27 on 1980-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.630 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: GetSavin 5.0: {74011C48-5DBF-4065-9CDC-353F10C9BC3D} - c:\documents and settings\administrator\local settings\application data\getsavin\ie\getsavin_1363111201.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:16
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294667170437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=20130312140407004&tb_oid=12-03-2013&tb_mrud=13-03-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-02-03 14:34; getsavin@jetpack; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\getsavin@jetpack
FF - ExtSQL: 2012-04-20 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-04-20 11:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-05-26 18:10; uss-button@uploadscreenshot.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\uss-button@uploadscreenshot.com.xpi
FF - ExtSQL: 2012-11-26 20:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-30 19:56; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\common files\dvdvideosoft\plugins\ff
FF - ExtSQL: 2013-02-01 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-03-12 14:07; addon@defaulttab.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 1969-12-31 18:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8rCBQose&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - e02019e70000000000000019bb59d86f
FF - user.js: extensions.incredibar_i.instlDay - 15461
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:57:53
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8rCBQose
FF - user.js: extensions.incredibar_i.upn2n - 92824286769050342
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 453
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-15 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-20 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-20 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-20 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-20 44808]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2013-3-12 107520]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-2 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-2 682344]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-1-6 476160]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-6-18 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-6-18 451960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-2 21104]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-6-18 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-17 06:48:53 -------- d-----w- c:\program files\CCleaner
2013-03-16 08:28:29 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 08:28:29 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-13 05:12:33 -------- d-----w- c:\documents and settings\administrator\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-03-13 04:48:24 -------- d-----w- c:\documents and settings\administrator\application data\OpenOffice.org
2013-03-12 19:06:11 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
2013-03-12 19:05:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\getsavin
2013-03-12 19:05:07 -------- d-----w- c:\program files\common files\Software Update Utility
2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-01 23:19:33 -------- d-----w- c:\program files\surgeon
2013-02-01 09:02:41 -------- d-----w- c:\windows\system32\XPSViewer
2013-02-01 09:02:11 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-02-01 09:01:52 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-02-01 09:01:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-02-01 09:01:52 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-02-01 09:01:52 117760 ------w- c:\windows\system32\prntvpt.dll
2013-02-01 09:01:51 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-02-01 09:01:51 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-02-01 09:01:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-02-01 09:01:51 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-02-01 09:01:51 -------- d-----w- C:\6b1fa9f1df1ce269e10a278f
2013-01-31 02:01:17 -------- d-----w- c:\documents and settings\administrator\application data\DVDVideoSoftIEHelpers
2013-01-31 01:55:39 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-01-31 01:55:39 -------- d-----w- c:\documents and settings\administrator\application data\DVDVideoSoft
2013-01-31 01:55:38 -------- d-----w- c:\program files\DVDVideoSoft
2013-01-09 01:36:49 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2012-12-09 23:03:33 -------- d-----w- c:\program files\Hero Editor
2012-12-09 23:03:30 249856 ------w- c:\windows\Setup1.exe
2012-12-09 23:03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-11-27 01:59:14 -------- d-----r- c:\program files\Skype
2012-11-27 01:53:59 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-11-27 01:53:59 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-11-04 17:32:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
2012-10-07 05:22:26 -------- d-----w- c:\documents and settings\all users\application data\Nexon
2012-10-02 18:04:21 58368 ------w- c:\windows\system32\dllcache\synceng.dll
2012-10-02 12:25:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-02 12:25:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-20 23:10:03 -------- d-----w- C:\Romsandemulators
2012-08-20 22:49:19 -------- d-----w- C:\Westwood
2012-08-20 22:32:09 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2012-08-20 22:32:09 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-08-03 06:35:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-03 06:35:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-03 06:35:39 -------- d-----w- C:\Nexon
2012-08-03 06:35:39 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2012-08-03 06:35:38 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
2012-08-02 14:27:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PMB Files
2012-08-02 14:26:54 -------- d-----w- c:\program files\Pando Networks
2012-08-02 14:12:17 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-08-02 14:12:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-06 13:58:51 78336 ------w- c:\windows\system32\dllcache\browser.dll
2012-06-21 02:56:12 -------- d-----w- c:\windows\system32\Adobe
2012-06-19 04:00:23 -------- d-----w- c:\documents and settings\administrator\application data\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2012-06-19 04:00:07 -------- d-----w- c:\documents and settings\administrator\application data\Wacom
2012-06-19 03:59:59 -------- d-----w- c:\documents and settings\all users\application data\Wacom
2012-06-19 03:59:37 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-06-19 03:59:25 -------- d-----w- c:\program files\Bamboo Dock
2012-06-19 03:57:04 -------- d-----w- c:\documents and settings\administrator\application data\WTablet
2012-06-19 03:57:02 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2012-06-19 03:56:54 -------- d-----w- c:\program files\TabletPlugins
2012-06-19 03:56:51 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-06-19 03:56:36 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-06-19 03:56:28 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-06-19 03:56:25 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2012-06-19 03:56:25 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2012-06-19 03:56:25 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2012-06-19 03:56:21 -------- d-----w- c:\program files\Tablet
2012-06-16 07:05:01 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2012-06-16 07:05:01 140800 ----a-w- c:\windows\system32\tm20dec.ax
2012-06-16 07:05:00 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2012-06-16 07:04:54 63488 ----a-w- c:\windows\system32\unam4ie.exe
2012-06-16 07:04:52 5672 ----a-w- c:\windows\system32\quartz.vxd
2012-06-16 07:04:52 11776 ----a-w- c:\windows\system32\mciqtz.drv
2012-06-16 07:04:52 10240 ----a-w- c:\windows\system32\vidx16.dll
2012-06-16 07:04:51 194320 ----a-w- c:\windows\system32\qcut.dll
2012-06-16 07:04:50 4608 ----a-w- c:\windows\system32\w95inf32.dll
2012-06-16 07:04:50 2272 ----a-w- c:\windows\system32\w95inf16.dll
2012-06-16 06:56:01 -------- d-----w- c:\program files\directx
2012-06-16 06:29:27 -------- d-----w- c:\program files\Eidos Interactive
2012-06-16 04:50:09 967 ----a-w- c:\windows\ScUnin.pif
2012-06-16 04:50:09 94208 ----a-w- c:\windows\ScUnin.exe
2012-06-16 04:49:44 -------- d-----w- c:\program files\Starcraft
2012-06-16 04:39:24 -------- d-----w- c:\program files\Warcraft II BNE
2012-06-16 04:31:31 86528 ----a-w- c:\windows\bnetunin.exe
2012-06-13 23:40:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2012-06-13 23:23:58 440760 ----a-w- C:\setup.exe
2012-06-13 23:23:58 -------- d-----w- C:\Application Files
2012-06-13 08:37:18 -------- d-----w- C:\ZomPirate's RotMG DPS Calculator v(1.0)
2012-06-13 04:04:53 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 08:24:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2012-06-12 00:47:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2012-06-10 07:15:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2012-06-10 07:02:10 -------- d-----w- c:\program files\Oracle
2012-06-10 07:01:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 23:20:49 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-02 19:40:30 -------- d-----w- c:\windows\pss
2012-04-26 04:25:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-21 21:52:44 -------- d-----w- c:\program files\iPod
2012-04-21 21:52:37 -------- d-----w- c:\program files\iTunes
2012-04-21 08:29:32 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-04-21 08:29:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-21 08:29:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-21 08:28:20 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-21 08:28:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-04-21 08:27:51 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-21 08:27:51 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-20 18:58:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-20 18:58:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 17:55:00 -------- d-----w- c:\windows\SxsCaPendDel
2012-04-20 17:54:24 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-04-20 16:56:16 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-20 16:55:07 41224 ----a-w- c:\windows\avastSS.scr
2012-04-20 16:54:35 -------- d-----w- c:\program files\AVAST Software
2012-04-20 16:54:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-04-20 16:45:24 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2012-04-20 16:45:24 17212 ----a-w- c:\windows\system32\SIntf32.dll
2012-04-20 16:45:24 12067 ----a-w- c:\windows\system32\SIntf16.dll
2012-04-20 16:40:03 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-20 16:40:03 2829 ----a-w- c:\windows\DIIUnin.pif
2012-04-20 16:36:09 -------- d-----w- c:\program files\Diablo II
2012-04-20 16:31:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-04-20 16:25:20 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-04-20 16:16:54 -------- d-----w- c:\windows\system32\appmgmt
2012-04-20 16:07:26 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-20 16:07:24 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-20 16:07:24 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-04-20 16:06:32 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-20 14:58:36 -------- d-----w- c:\windows\i386
2012-04-20 13:03:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-04-20 13:03:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\dllcache\imagehlp.dll
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\dllcache\packager.exe
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\dllcache\qdvd.dll
2011-10-18 11:13:22 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-10-14 14:47:29 23040 ------w- c:\windows\system32\dllcache\mciseq.dll
2011-10-14 14:47:29 176128 ------w- c:\windows\system32\dllcache\winmm.dll
2011-09-28 07:06:50 601088 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-26 18:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 18:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2011-04-19 09:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-02-20 05:03:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-02-19 06:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-10 14:19:21 -------- d-----w- c:\windows\DRIVERS
2011-01-10 14:17:12 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll
2011-01-10 14:17:12 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2011-01-10 14:17:03 -------- d-----w- c:\windows\SMINST
2011-01-10 14:17:03 -------- d-----w- c:\windows\CREATOR
2011-01-10 14:16:52 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2011-01-10 14:16:52 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2011-01-10 14:16:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2011-01-10 14:16:52 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2011-01-10 14:16:52 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2011-01-10 14:16:46 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2011-01-10 14:16:45 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2011-01-10 14:09:28 -------- d-sh--w- C:\System Recovery
2011-01-10 13:54:00 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-10 13:53:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-10 13:53:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-10 13:33:04 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 13:32:31 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-10 13:31:42 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-10 13:31:42 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-01-10 13:31:42 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-10 13:31:08 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-10 13:29:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-10 13:25:43 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-01-10 13:15:10 -------- d-----w- c:\windows\system32\scripting
2011-01-10 13:15:09 -------- d-----w- c:\windows\system32\en
2011-01-10 13:15:09 -------- d-----w- c:\windows\system32\bits
2011-01-10 13:15:09 -------- d-----w- c:\windows\l2schemas
2011-01-10 13:12:29 -------- d-----w- c:\windows\network diagnostic
2011-01-10 13:04:42 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-01-07 22:06:16 -------- d-----w- c:\windows\ie8updates
2011-01-07 22:06:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-07 22:06:11 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-07 22:06:11 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-07 22:06:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-07 22:06:11 2004992 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-01-07 22:06:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-01-07 22:06:11 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-01-07 22:05:12 -------- dc-h--w- c:\windows\ie8
2011-01-07 21:58:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-07 21:54:17 421888 ----a-w- c:\windows\Nero PhotoShow.scr
2011-01-07 21:54:17 -------- d-----w- c:\documents and settings\administrator\application data\Simple Star
2011-01-07 21:54:17 -------- d-----w- C:\Demo Album
2011-01-07 21:52:25 24064 ------w- c:\windows\system32\msxml3a.dll
2011-01-07 12:09:52 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-01-07 12:03:47 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-07 12:03:47 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-07 12:03:44 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-01-07 12:03:37 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-07 12:03:37 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-07 12:03:36 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-07 12:03:29 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-07 12:03:28 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-07 12:02:53 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-01-07 12:02:33 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-07 12:02:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-07 12:00:58 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-07 11:59:39 337920 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-01-07 11:58:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-07 11:58:41 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-07 11:25:55 -------- d-----w- c:\windows\system32\PreInstall
2011-01-07 11:25:47 -------- d--h--w- c:\windows\$hf_mig$
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:22:41 345600 ----a-w- c:\windows\system32\localspl.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47:29 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-04-05 19:54:04 384512 ----a-w- c:\windows\system32\mp4sdmod.dll
2010-03-30 08:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-18 23:47:22 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 20:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 20:16:28 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 20:16:28 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 17:09:00 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 17:09:00 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 17:09:00 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-12 03:06:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-06 06:17:22 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
.
============= FINISH: 0:49:17.82 ===============
 
Here is Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2011 2:55:09 PM
System Uptime: 1/4/1980 12:02:09 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 09F8h
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU1 PROCESSOR | 3189/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 55 GiB total, 31.162 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 13.493 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_3011103C&REV_01\4&4878531&0&00E1
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_3011103C&REV_01\4&4878531&0&00E1
Service: b57w2k
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&EDE93E0&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&EDE93E0&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP305: 1/30/2013 9:02:07 PM - System Checkpoint
RP306: 1/31/2013 3:00:14 AM - Software Distribution Service 3.0
RP307: 2/1/2013 3:00:18 AM - Software Distribution Service 3.0
RP308: 2/2/2013 3:00:16 AM - Software Distribution Service 3.0
RP309: 2/3/2013 3:15:19 AM - System Checkpoint
RP310: 2/4/2013 3:35:54 AM - System Checkpoint
RP311: 2/5/2013 4:25:43 AM - System Checkpoint
RP312: 2/6/2013 5:09:48 AM - System Checkpoint
RP313: 2/7/2013 6:09:48 AM - System Checkpoint
RP314: 2/8/2013 6:12:48 AM - System Checkpoint
RP315: 2/9/2013 7:07:37 AM - System Checkpoint
RP316: 2/10/2013 7:12:53 AM - System Checkpoint
RP317: 2/11/2013 9:00:57 AM - System Checkpoint
RP318: 2/12/2013 9:21:38 AM - System Checkpoint
RP319: 2/13/2013 3:00:22 AM - Software Distribution Service 3.0
RP320: 2/14/2013 3:00:20 AM - Software Distribution Service 3.0
RP321: 2/15/2013 3:12:18 AM - System Checkpoint
RP322: 2/16/2013 8:22:38 AM - System Checkpoint
RP323: 2/17/2013 8:41:12 AM - System Checkpoint
RP324: 2/18/2013 3:00:19 PM - System Checkpoint
RP325: 2/20/2013 12:24:26 AM - System Checkpoint
RP326: 2/21/2013 12:49:10 AM - System Checkpoint
RP327: 2/24/2013 2:29:35 PM - System Checkpoint
RP328: 2/25/2013 2:29:54 PM - System Checkpoint
RP329: 2/26/2013 6:35:18 PM - System Checkpoint
RP330: 2/27/2013 9:05:37 PM - System Checkpoint
RP331: 1/4/1980 5:55:57 PM - System Checkpoint
RP332: 1/6/1980 12:22:53 AM - System Checkpoint
RP333: 3/2/2013 7:23:35 PM - System Checkpoint
RP334: 3/3/2013 7:25:21 PM - System Checkpoint
RP335: 3/4/2013 8:25:21 PM - System Checkpoint
RP336: 3/7/2013 2:45:49 PM - System Checkpoint
RP337: 3/8/2013 11:23:12 PM - System Checkpoint
RP338: 3/10/2013 2:27:14 AM - System Checkpoint
RP339: 3/11/2013 1:25:11 PM - System Checkpoint
RP340: 3/12/2013 8:17:24 PM - System Checkpoint
RP341: 3/12/2013 9:51:51 PM - Installed OpenOffice.org 3.4.1
RP342: 3/13/2013 12:15:01 AM - Removed Adobe Download Assistant
RP343: 3/14/2013 3:00:14 AM - Software Distribution Service 3.0
RP344: 3/16/2013 5:16:55 PM - System Checkpoint
RP345: 3/17/2013 3:00:17 AM - Software Distribution Service 3.0
RP346: 3/19/2013 1:16:52 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bamboo
Bamboo Dock
Battle.net
Broadcom Management Programs
CCleaner
Command & Conquer Red Alert 2
DefaultTab
Diablo II
Download Updater (AOL Inc.)
Free Studio version 2013
GetSavin
Google Chrome
Google Drive
Google Update Helper
Hero Editor V1.04
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP BIOS Configuration for ProtectTools 2.00 A17
HP Help and Support 4.0
HP ProtectTools Security Manager 2.00 B3
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 20
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Nexon Game Manager
OpenOffice.org 3.4.1
Pando Media Booster
PDF Complete
RealmOfTheMadGod Essential
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 6.1
Software Setup
Starcraft
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Westwood Shared Internet Components
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 7:28:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/5/2013 12:02:13 AM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
1/5/2013 12:01:51 AM, error: Service Control Manager [7034] - The PC Angel service terminated unexpectedly. It has done this 1 time(s).
1/5/2013 12:01:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
1/5/2013 12:01:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
1/5/2013 12:01:50 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2013 8:49:36 AM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 8:49:33 AM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 8:49:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 8:49:19 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 8:49:17 AM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
When attempting to run Combofix I got a message that said:

"This machine does not have the 'Microsoft Recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating. Without it, Combofix shall not attempt the fixing of some serious issues.

Click 'Yes' to have Combofix download/install it."

What should I do next? Attempt to download it, or just let Combofix run without it?
 
Just a quick update - the computer seems to be getting worse although running. At first when loading up the computer would re-size itself (icons, browser windows, etc) to huge proportions. Now everything looks compressed to the point that while writing this some of the letters appear to be invisible. I'm not sure if this is important to note but I just wanted to throw it out there.
 
I believe Combofix ran with no issues. It scanned, restarted my system and said wait for it to produce a log but none ever came. What should I do?
 
I went searching through files in an attempt to find a possible hidden Combofix log, and instead I accidentally caused Combofix to run again (lol). However, this time it managed to produce a log.

ComboFix 13-03-23.01 - Administrator 01/05/1980 12:21:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.257 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_ctypes.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_elementtree.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_hashlib.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_socket.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_ssl.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pyexpat.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pysqlite2._sqlite.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\python27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pythoncom27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\PyWinTypes27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\select.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\unicodedata.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32api.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32com.shell.shell.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32crypt.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32event.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32file.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32inet.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32pdh.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32process.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32profile.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32security.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32ts.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\windows._cacheinvalidation.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._controls_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._core_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._gdi_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._html2.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._misc_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._windows_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._wizard.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxbase294u_net_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxbase294u_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_adv_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_core_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_html_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_webview_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_ctypes.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_elementtree.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_hashlib.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_socket.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_ssl.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pyexpat.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pysqlite2._sqlite.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\python27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pythoncom27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\PyWinTypes27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\select.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\unicodedata.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32api.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32com.shell.shell.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32crypt.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32event.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32file.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32inet.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32pdh.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32process.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32profile.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32security.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32ts.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\windows._cacheinvalidation.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._controls_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._core_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._gdi_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._html2.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._misc_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._windows_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._wizard.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxbase294u_net_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxbase294u_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_adv_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_core_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_html_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_webview_vc90.dll
C:\Read Me.txt
c:\windows\wininit.ini
.
---- Previous Run -------
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_ctypes.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_elementtree.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_hashlib.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_socket.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_ssl.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pyexpat.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pysqlite2._sqlite.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\python27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pythoncom27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\PyWinTypes27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\select.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\unicodedata.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32api.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32com.shell.shell.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32crypt.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32event.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32file.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32inet.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32pdh.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32process.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32profile.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32security.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32ts.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\windows._cacheinvalidation.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._controls_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._core_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._gdi_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._html2.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._misc_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._windows_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._wizard.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxbase294u_net_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxbase294u_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_adv_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_core_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_html_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_webview_vc90.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Administrator\Local Settings\Application Data\getsavin\ie\geTSavin_1363111201.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_ctypes.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_elementtree.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_hashlib.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_socket.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_ssl.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pyexpat.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pysqlite2._sqlite.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\python27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pythoncom27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\PyWinTypes27.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\select.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\unicodedata.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32api.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32com.shell.shell.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32crypt.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32event.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32file.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32inet.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32pdh.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32process.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32profile.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32security.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32ts.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\windows._cacheinvalidation.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._controls_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._core_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._gdi_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._html2.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._misc_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._windows_.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._wizard.pyd
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxbase294u_net_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxbase294u_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_adv_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_core_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_html_vc90.dll
c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_webview_vc90.dll
C:\setup.exe
c:\windows\system\winspool.drv
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
-- Previous Run --
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
.
Infected copy of c:\windows\system32\mqtgsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqtgsvc.exe
.
--------
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 1979-12-05 to 1980-01-05 )))))))))))))))))))))))))))))))
.
.
2013-02-01 09:01 . 2013-02-01 09:02 -------- d-----w- C:\6b1fa9f1df1ce269e10a278f
2012-08-20 23:10 . 2012-08-20 22:34 -------- d-----w- C:\Romsandemulators
2012-08-20 22:49 . 2012-08-20 22:49 -------- d-----w- C:\Westwood
2012-08-03 06:35 . 2012-10-07 05:39 -------- d-----w- C:\Nexon
2012-06-13 23:23 . 2012-06-02 04:33 -------- d-----w- C:\Application Files
2012-06-13 08:37 . 2012-06-13 08:37 -------- d-----w- C:\ZomPirate's RotMG DPS Calculator v(1.0)
2012-05-01 20:57 . 2012-05-01 20:57 450 ----a-w- C:\user.js
2011-01-10 14:09 . 2011-01-10 14:14 -------- d-sh--w- C:\System Recovery
2011-01-07 21:54 . 2011-01-07 21:54 -------- d-----w- C:\Demo Album
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 14:31 . 2004-08-04 07:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2008-04-14 00:12 . 2004-08-04 07:56 150528 -c--a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2008-04-14 00:12 . 2004-08-04 07:56 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 00:12 . 2004-08-04 07:56 18432 -c--a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 00:12 . 2004-08-04 07:56 769024 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-04-14 00:12 . 2004-08-04 07:56 279040 -c--a-w- c:\windows\help\tshoot.dll
2008-04-14 00:12 . 2004-08-04 07:56 726078 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 00:12 . 2004-08-04 07:56 33280 -c--a-w- c:\windows\help\sstub.dll
2008-04-14 00:12 . 2004-08-04 07:56 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 00:12 . 2004-08-04 07:56 34816 -c--a-w- c:\windows\help\sniffpol.dll
2008-04-14 00:12 . 2004-08-04 07:56 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 00:12 . 2004-08-04 07:56 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 00:11 . 2004-08-04 07:56 376832 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 00:11 . 2004-08-04 07:56 3166208 -c--a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 00:11 . 2008-04-14 00:11 39424 ------w- c:\windows\apppatch\acadproc.dll
2008-04-14 00:11 . 2004-08-04 07:56 245248 ----a-w- c:\windows\apppatch\acspecfc.dll
2008-04-14 00:11 . 2004-08-04 07:56 1852928 ----a-w- c:\windows\apppatch\acgenral.dll
2008-04-14 00:11 . 2004-08-04 07:56 141312 ----a-w- c:\windows\apppatch\aclua.dll
2008-04-14 00:11 . 2004-08-04 07:56 116224 ----a-w- c:\windows\apppatch\acxtrnal.dll
2004-08-04 15:00 . 2004-08-04 15:00 3374640 -c--a-w- c:\windows\help\Tours\mmTour\tour.exe
2002-11-25 16:02 . 2011-01-06 20:35 45056 -c--a-w- c:\windows\security\templates\SecureUP.exe
2001-08-18 05:36 . 2001-08-18 05:36 35328 -c--a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2001-08-18 05:36 . 2001-08-18 05:36 99840 -c--a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2001-08-18 05:36 . 2001-08-18 05:36 21504 -c--a-w- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2001-08-18 05:36 . 2001-08-18 05:36 152576 -c--a-w- c:\windows\help\bnts.dll
2001-08-18 05:34 . 2001-08-18 05:34 6656 ----a-w- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2013-03-08 01:57 . 2013-03-08 01:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 21:54 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-12-11 646744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56433:TCP"= 56433:TCP:pando Media Booster
"56433:UDP"= 56433:UDP:pando Media Booster
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [5/15/2012 5:20 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/20/2012 10:56 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/20/2012 10:56 AM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/20/2012 10:56 AM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 6:25 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/2/2012 6:25 AM 682344]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/6/2011 2:35 PM 476160]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [6/18/2012 9:56 PM 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [6/18/2012 9:57 PM 451960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/2/2012 6:25 AM 21104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/18/2012 9:56 PM 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-17 06:20 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 00:15]
.
2013-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
1980-01-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 23:50]
.
1980-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-17 05:47]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-17 05:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=20130312140407004&tb_oid=12-03-2013&tb_mrud=13-03-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2012-02-03 14:34; getsavin@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\getsavin@jetpack
FF - ExtSQL: 2012-04-20 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-04-20 11:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-05-26 18:10; uss-button@uploadscreenshot.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\uss-button@uploadscreenshot.com.xpi
FF - ExtSQL: 2012-11-26 20:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-30 19:56; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-02-01 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-03-12 14:07; addon@defaulttab.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 1969-12-31 18:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8rCBQose&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - e02019e70000000000000019bb59d86f
FF - user.js: extensions.incredibar_i.instlDay - 15461
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:57
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8rCBQose
FF - user.js: extensions.incredibar_i.upn2n - 92824286769050342
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 453
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DefaultTab - c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 1980-01-05 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1729661835-2752105153-558919806-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,b5,9a,ab,fa,7d,ca,4e,85,62,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,b5,9a,ab,fa,7d,ca,4e,85,62,69,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\jscript.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 1980-01-05 12:38:42 - machine was rebooted
ComboFix-quarantined-files.txt 1980-01-05 18:38
.
Pre-Run: 34,780,811,264 bytes free
Post-Run: 34,714,136,576 bytes free
.
- - End Of File - - A227DC381C716AEA4AB127F2B159B517
 
Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.

RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.


TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
ADWCLEANER log:

# AdwCleaner v2.115 - Logfile created 01/06/1980 at 10:07:37
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HP29169229266
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\searchplugins\search-here.xml
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\getsavin
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\user.js ... Deleted !


-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10249 octets] - [06/01/1980 10:07:37]

########## EOF - C:\AdwCleaner[S1].txt - [10310 octets] ##########
 
JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sun 01/06/1980 at 10:16:01.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\getsavin@jetpack
Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\prefs.js

Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/06/1980 at 10:24:58.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller 1 log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 01/06/1980 10:31:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD080HJ +++++
--- User ---
[MBR] a32c2e8bb236ee5969c341a8680341fe
[BSP] 98d9bf641bb608ca1554a0ae67f99fba : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 55999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 114688035 | Size: 20285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01061980_02d1031.txt >>
RKreport[1]_S_01061980_02d1031.txt
 
RogueKiller 2 log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 01/06/1980 10:32:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD080HJ +++++
--- User ---
[MBR] a32c2e8bb236ee5969c341a8680341fe
[BSP] 98d9bf641bb608ca1554a0ae67f99fba : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 55999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 114688035 | Size: 20285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01061980_02d1032.txt >>
RKreport[1]_S_01061980_02d1031.txt ; RKreport[2]_D_01061980_02d1032.txt
 
RogueKiller 3 log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/06/1980 10:33:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 78 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 119 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01061980_02d1033.txt >>
RKreport[1]_S_01061980_02d1031.txt ; RKreport[2]_D_01061980_02d1032.txt ; RKreport[3]_SC_01061980_02d1033.txt
 
Two notes concerning TDSS. First, several threats were detected but I saw no option to cure. I skipped them and continued as you wrote to do. Also in the Change Parameters section under Objects To Scan there was something called Loaded Modules that was unchecked by default and so I left it unchecked. I'm not sure if this is important or not but I wanted to let you know. Here is the log I found:

10:41:34.0531 1840 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:41:34.0968 1840 ============================================================
10:41:34.0968 1840 Current date / time: 1980/01/06 10:41:34.0968
10:41:34.0968 1840 SystemInfo:
10:41:34.0968 1840
10:41:34.0968 1840 OS Version: 5.1.2600 ServicePack: 3.0
10:41:34.0968 1840 Product type: Workstation
10:41:34.0968 1840 ComputerName: HP29169229266
10:41:34.0968 1840 UserName: Administrator
10:41:34.0968 1840 Windows directory: C:\WINDOWS
10:41:34.0968 1840 System windows directory: C:\WINDOWS
10:41:34.0968 1840 Processor architecture: Intel x86
10:41:34.0968 1840 Number of processors: 2
10:41:34.0968 1840 Page size: 0x1000
10:41:34.0968 1840 Boot type: Normal boot
10:41:34.0968 1840 ============================================================
10:41:36.0218 1840 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:41:36.0218 1840 ============================================================
10:41:36.0218 1840 \Device\Harddisk0\DR0:
10:41:36.0218 1840 MBR partitions:
10:41:36.0218 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6D5FFE4
10:41:36.0218 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6D60023, BlocksNum 0x279E99A
10:41:36.0218 1840 ============================================================
10:41:36.0250 1840 C: <-> \Device\Harddisk0\DR0\Partition1
10:41:36.0281 1840 D: <-> \Device\Harddisk0\DR0\Partition2
10:41:36.0281 1840 ============================================================
10:41:36.0281 1840 Initialize success
10:41:36.0281 1840 ============================================================
10:42:11.0968 1648 ============================================================
10:42:11.0968 1648 Scan started
10:42:11.0968 1648 Mode: Manual; SigCheck; TDLFS;
10:42:11.0968 1648 ============================================================
10:42:12.0250 1648 ================ Scan system memory ========================
10:42:12.0265 1648 System memory - ok
10:42:12.0265 1648 ================ Scan services =============================
10:42:15.0093 1648 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
10:42:15.0109 1648 adpu320 ( UnsignedFile.Multi.Generic ) - warning
10:42:15.0109 1648 adpu320 - detected UnsignedFile.Multi.Generic (1)
10:42:27.0921 1648 [ 85DD9EDBB1A035BA9B0E9FCC70624990 ] hpqwmi C:\Program Files\HPQ\Shared\hpqwmi.exe
10:42:27.0953 1648 hpqwmi ( UnsignedFile.Multi.Generic ) - warning
10:42:27.0953 1648 hpqwmi - detected UnsignedFile.Multi.Generic (1)
10:42:27.0984 1648 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:42:28.0046 1648 HTTP - ok
10:42:28.0062 1648 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:42:28.0234 1648 HTTPFilter - ok
10:42:28.0234 1648 i2omgmt - ok
10:42:28.0234 1648 i2omp - ok
10:42:28.0265 1648 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:42:28.0406 1648 i8042prt - ok
10:42:28.0437 1648 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
10:42:28.0593 1648 i81x - ok
10:42:28.0625 1648 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
10:42:28.0781 1648 iAimFP0 - ok
10:42:28.0796 1648 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
10:42:28.0937 1648 iAimFP1 - ok
10:42:28.0953 1648 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
10:42:29.0093 1648 iAimFP2 - ok
10:42:29.0125 1648 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
10:42:29.0281 1648 iAimFP3 - ok
10:42:29.0296 1648 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
10:42:29.0453 1648 iAimFP4 - ok
10:42:29.0453 1648 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
10:42:29.0578 1648 iAimFP5 - ok
10:42:29.0593 1648 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
10:42:29.0718 1648 iAimFP6 - ok
10:42:29.0734 1648 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
10:42:29.0859 1648 iAimFP7 - ok
10:42:29.0875 1648 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
10:42:30.0000 1648 iAimTV0 - ok
10:42:30.0015 1648 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
10:42:30.0125 1648 iAimTV1 - ok
10:42:30.0140 1648 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
10:42:30.0250 1648 iAimTV3 - ok
10:42:30.0265 1648 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
10:42:30.0390 1648 iAimTV4 - ok
10:42:30.0390 1648 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
10:42:30.0515 1648 iAimTV5 - ok
10:42:30.0531 1648 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
10:42:30.0640 1648 iAimTV6 - ok
10:42:30.0703 1648 [ 0294A30B302CA71A2C26E582DDA93486 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:42:30.0750 1648 ialm - ok
10:42:30.0828 1648 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:30.0859 1648 idsvc - ok
10:42:30.0890 1648 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:42:31.0031 1648 Imapi - ok
10:42:31.0062 1648 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:42:31.0203 1648 ImapiService - ok
10:42:31.0218 1648 ini910u - ok
10:42:31.0328 1648 [ 38E36FD56F8CB7E8B9802531365856A4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:42:31.0453 1648 IntcAzAudAddService - ok
10:42:31.0468 1648 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:42:31.0640 1648 IntelIde - ok
10:42:31.0656 1648 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:42:31.0796 1648 intelppm - ok
10:42:31.0828 1648 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:42:31.0968 1648 Ip6Fw - ok
10:42:31.0984 1648 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:42:32.0109 1648 IpFilterDriver - ok
10:42:32.0125 1648 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:42:32.0265 1648 IpInIp - ok
10:42:32.0281 1648 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:42:32.0421 1648 IpNat - ok
10:42:32.0484 1648 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:42:32.0515 1648 iPod Service - ok
10:42:32.0546 1648 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:42:32.0671 1648 IPSec - ok
10:42:32.0687 1648 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:42:32.0812 1648 IRENUM - ok
10:42:32.0843 1648 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:42:32.0968 1648 isapnp - ok
10:42:33.0062 1648 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:42:33.0078 1648 JavaQuickStarterService - ok
10:42:33.0093 1648 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:42:33.0218 1648 Kbdclass - ok
10:42:33.0234 1648 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:42:33.0359 1648 kbdhid - ok
10:42:33.0375 1648 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:42:33.0515 1648 kmixer - ok
10:42:33.0515 1648 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:42:33.0578 1648 KSecDD - ok
10:42:33.0593 1648 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:42:33.0656 1648 lanmanserver - ok
10:42:33.0687 1648 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:42:33.0734 1648 lanmanworkstation - ok
10:42:33.0734 1648 lbrtfdc - ok
10:42:33.0765 1648 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:42:33.0890 1648 LmHosts - ok
10:42:33.0937 1648 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:42:35.0406 1648 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
10:42:35.0406 1648 MBAMProtector - detected UnsignedFile.Multi.Generic (1)
10:42:35.0453 1648 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:42:36.0593 1648 MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
10:42:36.0593 1648 MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
10:42:36.0625 1648 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:42:37.0765 1648 MBAMService ( UnsignedFile.Multi.Generic ) - warning
10:42:37.0765 1648 MBAMService - detected UnsignedFile.Multi.Generic (1)
10:42:37.0812 1648 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:42:38.0000 1648 Messenger - ok
10:42:38.0031 1648 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:42:38.0156 1648 mnmdd - ok
10:42:38.0187 1648 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:42:38.0328 1648 mnmsrvc - ok
10:42:38.0343 1648 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:42:38.0484 1648 Modem - ok
10:42:38.0531 1648 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:42:38.0640 1648 Mouclass - ok
10:42:38.0671 1648 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:42:38.0812 1648 mouhid - ok
10:42:38.0843 1648 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:42:38.0984 1648 MountMgr - ok
10:42:39.0031 1648 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:42:39.0046 1648 MozillaMaintenance - ok
10:42:39.0062 1648 mraid35x - ok
10:42:39.0062 1648 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:42:39.0203 1648 MRxDAV - ok
10:42:39.0250 1648 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:42:39.0312 1648 MRxSmb - ok
10:42:39.0359 1648 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:42:39.0500 1648 MSDTC - ok
10:42:39.0515 1648 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:42:39.0625 1648 Msfs - ok
10:42:39.0640 1648 MSIServer - ok
10:42:39.0656 1648 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:42:39.0781 1648 MSKSSRV - ok
10:42:39.0796 1648 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:42:39.0921 1648 MSPCLOCK - ok
10:42:39.0937 1648 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:42:40.0062 1648 MSPQM - ok
10:42:40.0078 1648 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:42:40.0203 1648 mssmbios - ok
10:42:40.0234 1648 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:42:40.0250 1648 Mup - ok
10:42:40.0312 1648 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:42:40.0453 1648 napagent - ok
10:42:40.0484 1648 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:42:40.0609 1648 NDIS - ok
10:42:40.0640 1648 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:42:40.0671 1648 NdisTapi - ok
10:42:40.0687 1648 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:42:40.0812 1648 Ndisuio - ok
10:42:40.0828 1648 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:42:40.0953 1648 NdisWan - ok
10:42:40.0968 1648 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:42:41.0015 1648 NDProxy - ok
10:42:41.0015 1648 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:42:41.0140 1648 NetBIOS - ok
10:42:41.0171 1648 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:42:41.0312 1648 NetBT - ok
10:42:41.0343 1648 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:42:41.0484 1648 NetDDE - ok
10:42:41.0484 1648 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:42:41.0609 1648 NetDDEdsdm - ok
10:42:41.0640 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:42:41.0765 1648 Netlogon - ok
10:42:41.0796 1648 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:42:41.0921 1648 Netman - ok
10:42:41.0968 1648 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:42:41.0984 1648 NetTcpPortSharing - ok
10:42:42.0015 1648 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:42:42.0078 1648 Nla - ok
10:42:42.0093 1648 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:42:42.0234 1648 Npfs - ok
10:42:42.0265 1648 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:42:42.0406 1648 Ntfs - ok
10:42:42.0421 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:42:42.0562 1648 NtLmSsp - ok
10:42:42.0593 1648 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:42:42.0781 1648 NtmsSvc - ok
10:42:42.0796 1648 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:42:42.0953 1648 Null - ok
10:42:42.0968 1648 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:42:43.0125 1648 NwlnkFlt - ok
10:42:43.0125 1648 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:42:43.0296 1648 NwlnkFwd - ok
10:42:43.0312 1648 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
10:42:43.0453 1648 P3 - ok
10:42:43.0484 1648 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:42:43.0609 1648 Parport - ok
10:42:43.0625 1648 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:42:43.0750 1648 PartMgr - ok
10:42:43.0765 1648 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:42:43.0906 1648 ParVdm - ok
10:42:43.0968 1648 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
10:42:44.0000 1648 PCA ( UnsignedFile.Multi.Generic ) - warning
10:42:44.0000 1648 PCA - detected UnsignedFile.Multi.Generic (1)
10:42:44.0000 1648 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:42:44.0140 1648 PCI - ok
10:42:44.0140 1648 PCIDump - ok
10:42:44.0140 1648 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:42:44.0281 1648 PCIIde - ok
10:42:44.0312 1648 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:42:44.0437 1648 Pcmcia - ok
10:42:44.0453 1648 PDCOMP - ok
10:42:44.0484 1648 pdfcDispatcher - ok
10:42:44.0484 1648 PDFRAME - ok
10:42:44.0500 1648 PDRELI - ok
10:42:44.0500 1648 PDRFRAME - ok
10:42:44.0515 1648 perc2 - ok
10:42:44.0515 1648 perc2hib - ok
10:42:44.0546 1648 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:42:44.0609 1648 PlugPlay - ok
10:42:44.0609 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:42:44.0750 1648 PolicyAgent - ok
10:42:44.0781 1648 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:42:44.0921 1648 PptpMiniport - ok
10:42:44.0937 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:42:45.0078 1648 ProtectedStorage - ok
10:42:45.0078 1648 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:42:45.0203 1648 PSched - ok
10:42:45.0203 1648 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:42:45.0343 1648 Ptilink - ok
10:42:45.0359 1648 ql1080 - ok
10:42:45.0359 1648 Ql10wnt - ok
10:42:45.0359 1648 ql12160 - ok
10:42:45.0375 1648 ql1240 - ok
10:42:45.0375 1648 ql1280 - ok
10:42:45.0390 1648 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:42:45.0531 1648 RasAcd - ok
10:42:45.0562 1648 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:42:45.0703 1648 RasAuto - ok
10:42:45.0703 1648 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:42:45.0828 1648 Rasl2tp - ok
10:42:45.0859 1648 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:42:46.0000 1648 RasMan - ok
10:42:46.0000 1648 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:42:46.0140 1648 RasPppoe - ok
10:42:46.0140 1648 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:42:46.0296 1648 Raspti - ok
10:42:46.0328 1648 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:42:46.0453 1648 Rdbss - ok
10:42:46.0468 1648 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:42:46.0609 1648 RDPCDD - ok
10:42:46.0640 1648 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:42:46.0765 1648 rdpdr - ok
10:42:46.0796 1648 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:42:46.0843 1648 RDPWD - ok
10:42:46.0890 1648 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:42:47.0031 1648 RDSessMgr - ok
10:42:47.0046 1648 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:42:47.0171 1648 redbook - ok
10:42:47.0203 1648 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:42:47.0328 1648 RemoteAccess - ok
10:42:47.0390 1648 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:42:47.0531 1648 RemoteRegistry - ok
10:42:47.0562 1648 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:42:47.0703 1648 RpcLocator - ok
10:42:47.0734 1648 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:42:47.0828 1648 RpcSs - ok
10:42:47.0859 1648 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:42:48.0015 1648 RSVP - ok
10:42:48.0031 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:42:48.0187 1648 SamSs - ok
10:42:48.0203 1648 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:42:48.0390 1648 SCardSvr - ok
10:42:48.0406 1648 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:42:48.0546 1648 Schedule - ok
10:42:48.0593 1648 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:42:48.0718 1648 Secdrv - ok
10:42:48.0718 1648 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:42:48.0859 1648 seclogon - ok
10:42:48.0875 1648 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:42:49.0015 1648 SENS - ok
10:42:49.0031 1648 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:42:49.0156 1648 serenum - ok
10:42:49.0156 1648 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:42:49.0281 1648 Serial - ok
10:42:49.0312 1648 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:42:49.0453 1648 Sfloppy - ok
10:42:49.0500 1648 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:42:49.0656 1648 SharedAccess - ok
10:42:49.0671 1648 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:42:49.0718 1648 ShellHWDetection - ok
10:42:49.0734 1648 Simbad - ok
10:42:49.0937 1648 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:42:50.0093 1648 Skype C2C Service - ok
10:42:50.0140 1648 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:42:50.0171 1648 SkypeUpdate - ok
10:42:50.0218 1648 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:42:50.0390 1648 SONYPVU1 - ok
10:42:50.0406 1648 Sparrow - ok
10:42:50.0437 1648 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:42:50.0609 1648 splitter - ok
10:42:50.0640 1648 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:42:50.0687 1648 Spooler - ok
10:42:50.0703 1648 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:42:50.0843 1648 sr - ok
10:42:50.0859 1648 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:42:51.0000 1648 srservice - ok
10:42:51.0046 1648 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:42:51.0109 1648 Srv - ok
10:42:51.0140 1648 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:42:51.0281 1648 SSDPSRV - ok
10:42:51.0328 1648 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:42:51.0484 1648 stisvc - ok
10:42:51.0515 1648 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:42:51.0640 1648 swenum - ok
10:42:51.0671 1648 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:42:51.0796 1648 swmidi - ok
10:42:51.0812 1648 SwPrv - ok
10:42:51.0828 1648 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
10:42:51.0953 1648 symc810 - ok
10:42:51.0968 1648 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:42:52.0125 1648 symc8xx - ok
10:42:52.0125 1648 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
10:42:52.0140 1648 Symmpi ( UnsignedFile.Multi.Generic ) - warning
10:42:52.0140 1648 Symmpi - detected UnsignedFile.Multi.Generic (1)
10:42:52.0140 1648 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:42:52.0281 1648 sym_hi - ok
10:42:52.0296 1648 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:42:52.0437 1648 sym_u3 - ok
10:42:52.0453 1648 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:42:52.0578 1648 sysaudio - ok
10:42:52.0593 1648 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:42:52.0750 1648 SysmonLog - ok
10:42:52.0953 1648 [ 1FF41723B6CF6EF0D2456691B75131BB ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
10:42:53.0187 1648 TabletServicePen - ok
10:42:53.0234 1648 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:42:53.0421 1648 TapiSrv - ok
10:42:53.0468 1648 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:42:53.0546 1648 Tcpip - ok
10:42:53.0578 1648 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:42:53.0718 1648 TDPIPE - ok
10:42:53.0734 1648 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:42:53.0859 1648 TDTCP - ok
10:42:53.0875 1648 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:42:54.0015 1648 TermDD - ok
10:42:54.0031 1648 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:42:54.0187 1648 TermService - ok
10:42:54.0218 1648 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:42:54.0250 1648 Themes - ok
10:42:54.0265 1648 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:42:54.0406 1648 TlntSvr - ok
10:42:54.0421 1648 TosIde - ok
10:42:54.0468 1648 [ C17EA46C3326A951DC3B8E883D661E0C ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
10:42:54.0500 1648 TouchServicePen - ok
10:42:54.0515 1648 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:42:54.0656 1648 TrkWks - ok
10:42:54.0687 1648 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:42:54.0828 1648 Udfs - ok
10:42:54.0828 1648 ultra - ok
10:42:54.0859 1648 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:42:55.0015 1648 upnphost - ok
10:42:55.0031 1648 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:42:55.0156 1648 UPS - ok
10:42:55.0187 1648 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:42:55.0250 1648 USBAAPL - ok
10:42:55.0265 1648 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:42:55.0406 1648 usbaudio - ok
10:42:55.0421 1648 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:42:55.0546 1648 usbccgp - ok
10:42:55.0578 1648 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:42:55.0703 1648 usbehci - ok
10:42:55.0718 1648 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:42:55.0875 1648 usbhub - ok
10:42:55.0906 1648 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:42:56.0046 1648 usbprint - ok
10:42:56.0062 1648 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:42:56.0187 1648 USBSTOR - ok
10:42:56.0203 1648 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:42:56.0328 1648 usbuhci - ok
10:42:56.0343 1648 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:42:56.0468 1648 VgaSave - ok
10:42:56.0484 1648 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
10:42:56.0625 1648 ViaIde - ok
10:42:56.0640 1648 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:42:56.0781 1648 VolSnap - ok
10:42:56.0828 1648 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:42:56.0953 1648 VSS - ok
10:42:56.0984 1648 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:42:57.0125 1648 W32Time - ok
10:42:57.0156 1648 [ C3B03ED7B06657A3355F620BC02ACFB6 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
10:42:57.0187 1648 wacmoumonitor - ok
10:42:57.0203 1648 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
10:42:57.0218 1648 wacommousefilter - ok
10:42:57.0265 1648 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
10:42:57.0281 1648 wacomvhid - ok
10:42:57.0281 1648 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:42:57.0421 1648 Wanarp - ok
10:42:57.0421 1648 WDICA - ok
10:42:57.0453 1648 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:42:57.0562 1648 wdmaud - ok
10:42:57.0593 1648 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:42:57.0765 1648 WebClient - ok
10:42:57.0812 1648 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:42:57.0984 1648 winmgmt - ok
10:42:58.0031 1648 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:42:58.0171 1648 WmdmPmSN - ok
10:42:58.0218 1648 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:42:58.0296 1648 Wmi - ok
10:42:58.0312 1648 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:42:58.0437 1648 WmiAcpi - ok
10:42:58.0468 1648 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:42:58.0609 1648 WmiApSrv - ok
10:42:58.0656 1648 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:42:58.0703 1648 WPFFontCache_v0400 - ok
10:42:58.0718 1648 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:42:58.0875 1648 WS2IFSL - ok
10:42:58.0906 1648 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:42:59.0046 1648 wscsvc - ok
10:42:59.0078 1648 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:42:59.0218 1648 wuauserv - ok
10:42:59.0250 1648 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:42:59.0390 1648 WZCSVC - ok
10:42:59.0406 1648 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:42:59.0546 1648 xmlprov - ok
10:42:59.0546 1648 ================ Scan global ===============================
10:42:59.0578 1648 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:42:59.0625 1648 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:42:59.0640 1648 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:42:59.0671 1648 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:42:59.0687 1648 [Global] - ok
10:42:59.0687 1648 ================ Scan MBR ==================================
10:42:59.0703 1648 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
10:43:00.0031 1648 \Device\Harddisk0\DR0 - ok
10:43:00.0031 1648 ================ Scan VBR ==================================
10:43:00.0062 1648 [ 0CEDA5F288856D3F4824E045029D5669 ] \Device\Harddisk0\DR0\Partition1
10:43:00.0062 1648 \Device\Harddisk0\DR0\Partition1 - ok
10:43:00.0062 1648 [ 35BC752B029F8A29933E0CF0619A0A30 ] \Device\Harddisk0\DR0\Partition2
10:43:00.0062 1648 \Device\Harddisk0\DR0\Partition2 - ok
10:43:00.0062 1648 ============================================================
10:43:00.0062 1648 Scan finished
10:43:00.0062 1648 ============================================================
10:43:00.0171 3900 Detected object count: 7
10:43:00.0171 3900 Actual detected object count: 7
10:43:51.0718 3900 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0718 3900 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0718 3900 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0718 3900 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0734 3900 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0734 3900 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0734 3900 MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0734 3900 MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0734 3900 MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0734 3900 MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0734 3900 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0734 3900 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:51.0734 3900 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:51.0734 3900 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:28.0875 2124 Deinitialize success
 
Excellent work...time to finish up with a scan for remnants...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 