TechSpot

GAC_64 desktop.ini and Win:64.a(?) infection

Solved
By djhitman
Sep 5, 2012
  1. Not sure what my son downloaded, but it's not pretty. I have run Malwarebytes, SUPERAntiSpyware, and the system has AVG Internet Security. Still cannot remove these viruses. Also, a windows\system32\services.exe file keeps coming up on multiple threat detections.
    Any help would be appreciated!
  2. djhitman

    djhitman TS Member Topic Starter Posts: 52

    I have a Compaq running Windows 7, if that helps!
  3. djhitman

    djhitman TS Member Topic Starter Posts: 52

    This is what Malwarebytes found. But my AVG resident shield keeps finding other trojans and viruses!

  4. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Sorry, this is what the MBAM log says:
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.09.05.10
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Hitman :: HITMAN-HP [administrator]
    Protection: Enabled
    9/5/2012 3:56:42 PM
    mbam-log-2012-09-05 (15-56-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215566
    Time elapsed: 13 minute(s), 29 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    (end)
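
An added example, not part of the original thread: a small parser for the Malwarebytes log format quoted in the post above. It checks that each section's declared count matches the entries actually pasted and groups detections by their `\Installer\{GUID}` folder. The function names are hypothetical and the line format is inferred only from this log.

```python
import re
from collections import Counter, defaultdict

# Copied from the "Folders/Files Detected" part of the log quoted above.
SAMPLE_LOG = r"""
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""

# "<Section> Detected: <n>" header lines.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path> (<threat>) -> <action>." The path is matched greedily so that a
# "(x86)" inside the path is not mistaken for the threat name.
DETECTION_RE = re.compile(
    r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# GUID-named folder under \Installer\, the layout both detections share.
GUID_DIR_RE = re.compile(
    r"^(?P<root>.+\\Installer\\\{[0-9a-f-]{36}\})\\", re.IGNORECASE
)


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            counts[section] = int(header.group("count"))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            detections.append({"section": section, **hit.groupdict()})
    return counts, detections


def count_mismatches(counts, detections):
    """Sections whose declared count differs from the entries parsed.

    A mismatch usually means the pasted log was truncated or edited.
    Returns {section: (declared, parsed)}.
    """
    parsed = Counter(d["section"] for d in detections)
    return {
        section: (declared, parsed[section])
        for section, declared in counts.items()
        if declared != parsed[section]
    }


def group_by_guid_dir(detections):
    """Group detections by their \\Installer\\{GUID} folder.

    Returns {folder: [(path relative to folder, threat name), ...]}.
    Several detections under one folder point at a single storage
    directory that should be reviewed as a whole.
    """
    groups = defaultdict(list)
    for d in detections:
        m = GUID_DIR_RE.match(d["path"])
        if m:
            root = m.group("root")
            groups[root].append((d["path"][len(root) + 1:], d["threat"]))
    return dict(groups)


if __name__ == "__main__":
    counts, detections = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(counts, detections) or "none")
    for folder, items in group_by_guid_dir(detections).items():
        print(folder)
        for rel, threat in items:
            print(f"  {rel:<16} {threat}")
```

Both detections here resolve to the same GUID folder, so the two threat names describe one location on disk rather than two unrelated infections.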
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  6. djhitman

    djhitman TS Member Topic Starter Posts: 52

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Hitman at 19:40:53 on 2012-09-05
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.789 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.facebook.com/
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FreeWorkz Games: {d1ecd019-8423-43de-98d1-7892af2da309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {0CC09160-108C-4759-BAB1-5C12C216E005} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Facebook Update] "C:\Users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
    uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    uRun: [Google Update] "C:\Users\Hitman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\2456C6B696E6E233646313 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\350756E6365627 : DhcpNameServer = 192.168.1.1 208.95.136.5 208.95.136.6
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\35471627273516C6F6E6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\A4F586F6D656F5573756 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\B696E646275646 : DhcpNameServer = 97.64.209.36 97.64.168.13
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\C45656075627 : DhcpNameServer = 208.95.136.5 208.95.136.6 208.95.136.4
    TCP: Interfaces\{9980562D-1032-44AB-A486-681219EA5379}\C4F65746350727573656D27657563747 : DhcpNameServer = 172.16.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    AppInit_DLLs: c:\progra~3\browse~1\22580~1.182\{16cdf~1\brwmngr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: FreeWorkz Games: {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll
    BHO-X64: FreeWorkz Games - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB-X64: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
    TB-X64: {0CC09160-108C-4759-BAB1-5C12C216E005} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    AppInit_DLLs-X64: c:\progra~3\browse~1\22580~1.182\{16cdf~1\brwmngr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=HP_ss&mntrId=eebd28f90000000000001c659d04fb3e
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Hitman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Hitman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - user.js: extensions.BabylonToolbar.id - eebd28f90000000000001c659d04fb3e
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15578
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:30:48
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110396&tt=201208_mnt_n_3412_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-6-5 1160824]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120605.001\IDSviA64.sys [2012-6-5 488568]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [2012-8-26 1695776]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-3 655944]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 250056]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-5 129976]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-04 03:18:56 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-09-04 02:21:15 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
    2012-09-04 00:48:21 -------- d-----w- C:\Users\Hitman\AppData\Roaming\Malwarebytes
    2012-09-04 00:48:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-04 00:48:11 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-04 00:48:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 18:58:36 -------- d-----w- C:\Windows\SysWow64\searchplugins
    2012-09-03 18:58:36 -------- d-----w- C:\Windows\SysWow64\Extensions
    2012-09-03 15:28:11 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-03 15:22:56 -------- d-----w- C:\ProgramData\781287A802B36D01D0823CC64F147CE7
    2012-09-01 18:09:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9BDDE8E-F89D-4311-870B-0FBFF70C5ACF}\offreg.dll
    2012-09-01 00:30:07 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9BDDE8E-F89D-4311-870B-0FBFF70C5ACF}\mpengine.dll
    2012-08-26 17:02:38 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-08-26 17:02:35 -------- d-----w- C:\ProgramData\IBUpdaterService
    2012-08-26 17:02:02 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
    2012-08-26 17:02:00 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-08-26 17:01:57 -------- d-----w- C:\Users\Hitman\AppData\Local\Conduit
    2012-08-26 17:01:53 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe
    2012-08-26 17:01:43 -------- d-----w- C:\ProgramData\Browser Manager
    2012-08-26 16:31:10 651360 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_532\uninstall.exe
    2012-08-26 16:30:12 651360 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe
    2012-08-26 16:30:11 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe
    2012-08-26 16:30:03 -------- d-----w- C:\Users\Hitman\AppData\Roaming\PerformerSoft
    2012-08-26 16:30:01 651360 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_568\uninstall.exe
    2012-08-26 16:29:57 19000 ----a-w- C:\Windows\System32\roboot64.exe
    2012-08-26 16:29:52 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe
    2012-08-26 16:29:36 651360 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe
    2012-08-17 07:02:59 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-15 20:29:05 -------- d-----w- C:\ProgramData\WEBREG
    2012-08-15 20:26:59 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
    2012-08-15 20:24:39 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-15 20:20:24 -------- d-----w- C:\Program Files (x86)\Coupons
    2012-08-15 20:19:52 -------- d-----w- C:\Users\Hitman\AppData\Roaming\HpUpdate
    2012-08-15 20:06:14 -------- d-----w- C:\Users\Hitman\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-15 20:05:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-08-15 20:05:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-08-15 19:59:18 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2012-08-15 19:59:07 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2012-08-15 19:57:59 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
    2012-08-15 19:56:05 -------- d-----w- C:\Program Files\HP
    2012-08-15 19:46:04 880640 ----a-w- C:\Windows\System32\hposwia_p02c.dll
    2012-08-15 19:46:04 642360 ----a-w- C:\Windows\System32\hpzids40.dll
    2012-08-15 19:46:04 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
    2012-08-15 19:46:04 1403904 ----a-w- C:\Windows\System32\hpost_p02c.dll
    2012-08-15 19:46:03 515072 ----a-w- C:\Windows\System32\hposc_p02a.dll
    2012-08-15 02:29:32 67584 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 02:29:30 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 02:29:30 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 02:29:30 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 02:26:06 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 02:26:06 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 02:25:15 58880 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 02:25:15 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 02:25:15 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 02:25:08 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 02:24:25 956416 ----a-w- C:\Windows\System32\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-08-15 20:25:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 20:25:01 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 02:04:51 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2012-07-21 02:04:51 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
    2012-07-21 02:04:51 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2012-07-21 02:04:51 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2012-07-21 02:04:50 400168 ----a-w- C:\Windows\System32\SynCOM.dll
    2012-07-21 02:04:50 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
    2012-07-21 02:04:50 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2012-07-21 02:04:50 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 19:42:55.38 ===============
  7. djhitman

    djhitman TS Member Topic Starter Posts: 52

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2010 7:43:25 PM
    System Uptime: 9/5/2012 4:23:15 PM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1605
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 216 GiB total, 157.664 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 2.33 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP90: 8/24/2012 6:49:50 PM - Windows Update
    RP91: 8/25/2012 2:35:12 PM - Installed Network64
    RP92: 8/26/2012 12:55:24 PM - Installed Call of Duty(R) 4 - Modern Warfare(TM) Demo
    RP93: 8/26/2012 12:55:41 PM - PC Performer Sun, Aug 26, 12 12:55
    RP94: 8/26/2012 12:59:26 PM - Installed DirectX
    RP95: 8/28/2012 7:14:06 AM - Windows Update
    RP96: 8/31/2012 8:28:37 PM - Windows Update
    RP97: 9/3/2012 10:29:07 PM - Removed WeatherBug
    RP98: 9/3/2012 10:37:00 PM - Removed BabylonObjectInstaller
    RP99: 9/3/2012 10:37:38 PM - Removed Call of Duty(R) 4 - Modern Warfare(TM) Demo
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2 MUI
    Adobe Shockwave Player 11.5
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Blackhawk Striker 2
    BufferChm
    Build-a-lot 2
    C4700
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Facebook Video Calling 1.2.0.159
    FATE
    Final Drive Nitro
    Google Chrome
    GPBaseService2
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 31
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Norton Online Backup
    PC Speed Maximizer v3.0
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PS_AIO_06_C4700_SW_Min
    QuickTransfer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Software
    Recovery Manager
    RollerCoaster Tycoon 3: Platinum
    Roxio CinemaNow 2.0
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Show Presenter
    Skype Click to Call
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    WebReg
    Wheel of Fortune 2
    WildTangent Games
    WildTangent Games App
    Winamp (remove only)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Wizard101
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/5/2012 8:55:17 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    9/5/2012 7:43:00 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/5/2012 7:29:25 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/5/2012 7:29:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/5/2012 4:24:03 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/5/2012 4:24:01 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/5/2012 4:22:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    9/4/2012 6:47:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
    9/3/2012 8:41:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/3/2012 8:41:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/3/2012 8:41:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/3/2012 8:41:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/3/2012 8:41:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/3/2012 8:40:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS Wanarpv6
    9/3/2012 8:40:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/3/2012 5:12:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    9/3/2012 10:17:36 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753636.
    9/3/2012 10:06:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/2/2012 9:29:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    9/2/2012 4:30:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/2/2012 2:03:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    9/2/2012 1:16:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Hitman-HP\Hitman SID (S-1-5-21-3215210023-636172019-1926784146-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/1/2012 12:47:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service.
    8/29/2012 8:58:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    .
    ==== End Of File ===========================
  8. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Thanks Broni for the post! I did as instructed, and here are the results.
    Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 05-09-2012 23:06:34
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-07-20] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-25] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [243544 2010-04-13] (Microsoft Corp.)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe [35328 2006-06-21] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-03] ()
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Hitman\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-05-19] (Hewlett-Packard Company)
    HKU\Hitman\...\Run: [Facebook Update] "C:\Users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
    HKU\Hitman\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Hitman\...\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" [x]
    HKU\Hitman\...\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" [x]
    HKU\Hitman\...\Run: [Google Update] "C:\Users\Hitman\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-20] (Google Inc.)
    HKU\Hitman\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-09-05] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs:
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    ==================== Services ====================
    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 Browser Manager; C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [1695776 2012-08-26] ()
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-03] ()
    ==================== Drivers =================================
    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-03] (AVG Technologies)
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120605.001\IDSvia64.sys [488568 2012-04-27] (Symantec Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120605.020\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120605.020\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-04-07] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-05 23:04 - 2012-09-05 23:04 - 00000000 ____D C:\FRST
    2012-09-05 15:35 - 2012-09-05 15:35 - 00607260 ____R (Swearware) C:\Users\Hitman\Desktop\dds.com
    2012-09-05 12:19 - 2012-09-05 12:20 - 00302592 ____A C:\Users\Hitman\Desktop\67x870q6.exe
    2012-09-05 11:43 - 2012-09-05 12:15 - 00001185 ____A C:\Users\Hitman\Desktop\New Text Document.txt
    2012-09-04 01:05 - 2012-09-04 01:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2012-09-04 01:05 - 2012-09-04 01:05 - 00000000 ____D C:\users\Administrator
    2012-09-03 19:18 - 2012-09-03 19:18 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-03 18:21 - 2012-09-03 18:21 - 00000000 ____D C:\Program Files (x86)\blekkotb_soc
    2012-09-03 16:48 - 2012-09-03 16:48 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 16:48 - 2012-09-03 16:48 - 00000000 ____D C:\Users\Hitman\AppData\Roaming\Malwarebytes
    2012-09-03 16:48 - 2012-09-03 16:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-03 16:48 - 2012-09-03 16:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-03 16:48 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-03 10:58 - 2012-09-03 10:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
    2012-09-03 10:58 - 2012-09-03 10:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2012-09-03 07:28 - 2012-09-03 07:28 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-03 07:22 - 2012-09-03 07:24 - 00000000 ____D C:\Users\All Users\781287A802B36D01D0823CC64F147CE7
    2012-08-26 09:02 - 2012-08-26 09:02 - 00000009 ____A C:\END
    2012-08-26 09:02 - 2012-08-26 09:02 - 00000000 ____D C:\Users\All Users\IBUpdaterService
    2012-08-26 09:02 - 2012-08-26 09:02 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-08-26 09:01 - 2012-09-03 18:19 - 00000000 ____D C:\Users\Hitman\AppData\Local\Conduit
    2012-08-26 09:01 - 2012-08-26 09:01 - 00000000 ____D C:\Users\All Users\Browser Manager
    2012-08-26 08:59 - 2012-08-26 08:59 - 00000336 ____A C:\Windows\game.ini
    2012-08-26 08:30 - 2012-09-03 18:33 - 00000000 ____D C:\Users\Hitman\AppData\Roaming\PerformerSoft
    2012-08-26 08:29 - 2012-03-14 11:47 - 00019000 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe
    2012-08-16 23:03 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-16 23:03 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-16 23:03 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-16 23:03 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-16 23:03 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-16 23:03 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-16 23:03 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-16 23:03 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-16 23:03 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-16 23:03 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-16 23:03 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-16 23:03 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-16 23:03 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-16 23:03 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-16 23:03 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-16 23:03 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-16 23:03 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-16 23:03 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-16 23:02 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-16 23:02 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-16 23:02 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-16 23:02 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-16 23:02 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-16 23:02 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-16 23:02 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-16 23:02 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-16 23:02 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-16 23:02 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-15 12:29 - 2012-08-15 12:29 - 00000000 ____D C:\Users\All Users\WEBREG
    2012-08-15 12:24 - 2012-08-15 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-08-15 12:21 - 2012-08-15 12:29 - 00000000 ____D C:\Users\Hitman\AppData\Roaming\HP
    2012-08-15 12:20 - 2012-08-15 12:20 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-08-15 12:19 - 2012-09-01 10:34 - 00000000 ____D C:\Users\Hitman\AppData\Roaming\HpUpdate
    2012-08-15 12:18 - 2012-08-15 12:18 - 00001121 ____A C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    2012-08-15 12:06 - 2012-08-15 12:06 - 00000000 ____D C:\Users\Hitman\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-15 12:05 - 2012-09-05 04:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-08-15 12:05 - 2012-08-15 12:05 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-08-15 12:05 - 2012-08-15 12:05 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-08-15 12:00 - 2012-08-15 12:00 - 00001275 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
    2012-08-15 12:00 - 2012-08-15 12:00 - 00000000 ____D C:\Users\All Users\HP Product Assistant
    2012-08-15 11:57 - 2009-04-16 10:08 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70v.dll
    2012-08-15 11:56 - 2012-08-15 11:56 - 00000000 ____D C:\Program Files\HP
    2012-08-15 11:55 - 2012-08-15 12:31 - 00208080 ____A C:\Windows\hpoins43.dat
    2012-08-15 11:55 - 2012-08-15 12:31 - 00001607 ____A C:\Users\All Users\hpzinstall.log
    2012-08-15 11:55 - 2010-01-30 05:11 - 00000601 ____N C:\Windows\hpomdl43.dat
    2012-08-15 11:46 - 2012-08-15 12:29 - 00000000 ____D C:\Users\All Users\HP
    2012-08-15 11:46 - 2009-04-16 03:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
    2012-08-15 11:46 - 2009-02-11 03:03 - 01403904 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_p02c.dll
    2012-08-15 11:46 - 2009-02-11 03:03 - 00880640 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_p02c.dll
    2012-08-15 11:46 - 2009-02-11 03:03 - 00515072 ____A (Hewlett-Packard Co.) C:\Windows\System32\hposc_p02a.dll
    2012-08-15 11:46 - 2008-10-28 16:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll
    2012-08-14 18:29 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-14 18:29 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-14 18:29 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-14 18:29 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 18:26 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-14 18:26 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-14 18:25 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-14 18:25 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-14 18:25 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-14 18:25 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-14 18:25 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-14 18:25 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-14 18:24 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    ==================== 3 Months Modified Files ================================
    2012-09-05 18:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-05 18:57 - 2009-07-13 20:51 - 00078080 ____A C:\Windows\setupact.log
    2012-09-05 18:24 - 2012-06-05 08:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-05 18:20 - 2012-05-20 09:58 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    2012-09-05 17:57 - 2012-04-13 12:35 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    2012-09-05 17:57 - 2012-04-13 12:35 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    2012-09-05 15:35 - 2012-09-05 15:35 - 00607260 ____R (Swearware) C:\Users\Hitman\Desktop\dds.com
    2012-09-05 12:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-05 12:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-05 12:20 - 2012-09-05 12:19 - 00302592 ____A C:\Users\Hitman\Desktop\67x870q6.exe
    2012-09-05 12:15 - 2012-09-05 11:43 - 00001185 ____A C:\Users\Hitman\Desktop\New Text Document.txt
    2012-09-05 09:20 - 2012-05-20 09:58 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    2012-09-05 06:49 - 2010-10-06 21:37 - 00035314 ____A C:\Windows\PFRO.log
    2012-09-03 19:18 - 2012-09-03 19:18 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-03 16:48 - 2012-09-03 16:48 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 07:22 - 2010-08-17 00:34 - 01386530 ____A C:\Windows\WindowsUpdate.log
    2012-08-31 16:25 - 2011-04-01 17:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-08-26 09:02 - 2012-08-26 09:02 - 00000009 ____A C:\END
    2012-08-26 09:01 - 2010-07-10 18:07 - 00258194 ____A C:\Windows\DirectX.log
    2012-08-26 08:59 - 2012-08-26 08:59 - 00000336 ____A C:\Windows\game.ini
    2012-08-26 08:30 - 2012-05-19 10:54 - 00001893 ____A C:\user.js
    2012-08-25 09:58 - 2012-05-04 17:05 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForHitman.job
    2012-08-16 23:27 - 2009-07-13 20:45 - 00286168 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-16 15:47 - 2012-03-09 09:32 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-15 12:31 - 2012-08-15 11:55 - 00208080 ____A C:\Windows\hpoins43.dat
    2012-08-15 12:31 - 2012-08-15 11:55 - 00001607 ____A C:\Users\All Users\hpzinstall.log
    2012-08-15 12:27 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-15 12:27 - 2009-07-13 18:34 - 00000438 ____A C:\Windows\win.ini
    2012-08-15 12:25 - 2012-06-05 08:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-15 12:25 - 2012-03-09 10:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-15 12:24 - 2012-08-15 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-08-15 12:21 - 2010-10-06 14:49 - 00063032 ____A C:\Users\Hitman\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-15 12:18 - 2012-08-15 12:18 - 00001121 ____A C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    2012-08-15 12:05 - 2012-08-15 12:05 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-08-15 12:00 - 2012-08-15 12:00 - 00001275 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
    2012-07-27 16:40 - 2012-06-01 13:52 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-20 18:06 - 2012-07-20 18:06 - 00000085 ____A C:\SYNTPAD.LOG
    2012-07-20 18:06 - 2010-08-17 00:31 - 00008974 ____A C:\Windows\DPINST.LOG
    2012-07-20 18:04 - 2012-07-20 18:05 - 01390640 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
    2012-07-20 18:04 - 2012-07-20 18:05 - 00400168 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00271144 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00215336 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00214312 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00173352 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00147752 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo4.dll
    2012-07-20 18:04 - 2012-07-20 18:05 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
    2012-07-18 09:31 - 2012-08-14 18:25 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-04 14:04 - 2012-08-14 18:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:01 - 2012-08-14 18:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:01 - 2012-08-14 18:25 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:26 - 2012-08-14 18:25 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:23 - 2012-08-14 18:25 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-03 09:46 - 2012-09-03 16:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-28 20:55 - 2012-08-16 23:02 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-16 23:02 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-16 23:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-16 23:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:49 - 2012-08-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:48 - 2012-08-16 23:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-16 23:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-16 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-16 23:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-16 23:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-16 23:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-16 23:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-16 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-16 23:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-16 23:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-16 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-16 23:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-16 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-16 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-16 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-16 23:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-16 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-16 23:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:04 - 2012-08-16 23:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:01 - 2012-08-16 23:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-16 23:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-16 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-16 23:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-26 08:55 - 2009-07-13 21:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-19 03:45 - 2012-06-19 03:45 - 00000040 ____A C:\Windows\System32\?¾
    2012-06-13 23:15 - 2012-03-09 09:20 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-08 21:30 - 2012-07-11 08:18 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:46 - 2012-07-11 08:18 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

    ZeroAccess:
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\201d3dde
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-24 14:50:22
    Restore point made on: 2012-08-25 10:35:38
    Restore point made on: 2012-08-26 08:55:51
    Restore point made on: 2012-08-26 08:57:37
    Restore point made on: 2012-08-26 08:59:43
    Restore point made on: 2012-08-28 03:14:41
    Restore point made on: 2012-08-31 16:28:59
    Restore point made on: 2012-09-03 18:29:34
    Restore point made on: 2012-09-03 18:37:07
    Restore point made on: 2012-09-03 18:38:10
    ==================== Memory info ===========================
    Percentage of memory in use: 30%
    Total physical RAM: 1978.93 MB
    Available physical RAM: 1372.13 MB
    Total Pagefile: 1978.93 MB
    Available Pagefile: 1374.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions ============================
    1 Drive c: () (Fixed) (Total:216.44 GB) (Free:157.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:16.14 GB) (Free:2.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:3.76 GB) (Free:3.22 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3854 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 216 GB 200 MB
    Partition 3 Primary 16 GB 216 GB
    Partition 4 Primary 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 216 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 16 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3853 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 3853 MB Healthy
    ==================================================================================
    Last Boot: 2012-09-04 14:29
    ==================== End Of Log =============================
  9. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Also, I did the re-run of frst and typed services.exe in the search box... It didn't post a log on my hard drive (search.txt)
  10. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    It creates a log on your USB drive.
  11. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Sorry, I must have clicked scan instead of search!

    Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-06 15:07:25
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
    ====== End Of Search ======
     
  12. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.


  13. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-08 12:45:30 Run:1
    Running from H:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
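The comparison behind this fix, as an added example that is not part of the thread or of FRST: it parses the `services.exe` search output posted above and flags a live system file whose MD5 matches none of its WinSxS component-store copies. The function and class names (`parse_search`, `find_mismatches`, `FileRecord`) are hypothetical; the log text and hashes are the ones posted in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename  # Windows path rules on any platform

# Search section copied from the FRST log posted in this thread.
FRST_SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search(log: str) -> list:
    """Pair each path line with the metadata line that follows it."""
    records, pending_path = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(
                path=pending_path,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),
                company=m["company"] or "",
                md5=m["md5"].upper(),
            ))
            pending_path = None
    return records


def find_mismatches(records: list) -> list:
    """Flag live files whose MD5 matches no component-store copy of the same name."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[basename(rec.path).lower()].append(rec)

    findings = []
    for recs in by_name.values():
        store = [r for r in recs if r.in_component_store]
        live = [r for r in recs if not r.in_component_store]
        if not store:
            continue  # nothing to compare against
        store_hashes = {r.md5 for r in store}
        for rec in live:
            if rec.md5 not in store_hashes:
                findings.append({
                    "path": rec.path,
                    "md5": rec.md5,
                    "store_md5s": sorted(store_hashes),
                    # Size difference against each store copy, in bytes.
                    "size_deltas": [rec.size - s.size for s in store],
                    # True when timestamps and vendor string look identical
                    # to a store copy, i.e. metadata alone would not reveal it.
                    "metadata_matches_store": any(
                        (rec.created, rec.modified, rec.company)
                        == (s.created, s.modified, s.company) for s in store
                    ),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(FRST_SEARCH_LOG)):
        print(f)
```

On this thread's log the System32 copy carries the same timestamps and company string as the WinSxS copy, so only the hash and size expose the difference. A mismatch is a lead to verify rather than proof, since the component store can hold several legitimate versions of a file.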
  14. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Rkill 2.3.10 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 09/09/2012 08:27:04 PM in x64 mode.
    Windows Version: Windows 7 Home Premium
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
    Backup Registry file created at:
    C:\Users\Hitman\Desktop\rkill\rkill-09-09-2012-08-27-05.reg
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic
    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic
    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic
    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual
    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual
    * NetBT (NetBT) is not Running.
    Startup Type set to: System
    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System
    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System
    * MpsSvc [Missing Service]
    * SharedAccess [Missing ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Program finished at: 09/09/2012 08:27:06 PM
    Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
  15. djhitman

    djhitman TS Member Topic Starter Posts: 52

    ComboFix 12-09-09.02 - Hitman 09/09/2012 20:30:36.5.1 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.1267 [GMT -4:00]
    Running from: c:\users\Hitman\Desktop\Dave_Starr.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Previous Run --
    .
    c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-06 07:04 . 2012-09-06 07:04 -------- d-----w- C:\FRST
    2012-09-04 09:05 . 2012-09-04 09:05 -------- d-----w- c:\users\Administrator
    2012-09-04 03:18 . 2012-09-04 03:18 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-09-04 02:21 . 2012-09-04 02:21 -------- d-----w- c:\program files (x86)\blekkotb_soc
    2012-09-04 00:48 . 2012-09-04 00:48 -------- d-----w- c:\users\Hitman\AppData\Roaming\Malwarebytes
    2012-09-04 00:48 . 2012-09-04 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-04 00:48 . 2012-09-04 00:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-04 00:48 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-03 18:58 . 2012-09-03 18:58 -------- d-----w- c:\windows\SysWow64\searchplugins
    2012-09-03 18:58 . 2012-09-03 18:58 -------- d-----w- c:\windows\SysWow64\Extensions
    2012-09-03 15:28 . 2012-09-03 15:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-09-03 15:22 . 2012-09-03 15:24 -------- d-----w- c:\programdata\781287A802B36D01D0823CC64F147CE7
    2012-09-01 00:30 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9BDDE8E-F89D-4311-870B-0FBFF70C5ACF}\mpengine.dll
    2012-08-26 17:02 . 2012-09-04 02:28 -------- d-----w- c:\programdata\Tarma Installer
    2012-08-26 17:02 . 2012-08-26 17:02 -------- d-----w- c:\programdata\IBUpdaterService
    2012-08-26 17:02 . 2012-08-26 16:52 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
    2012-08-26 17:02 . 2012-08-26 17:02 -------- d-----w- c:\program files (x86)\Conduit
    2012-08-26 17:01 . 2012-09-04 02:19 -------- d-----w- c:\users\Hitman\AppData\Local\Conduit
    2012-08-26 17:01 . 2012-08-26 16:52 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe
    2012-08-26 17:01 . 2012-08-26 17:01 -------- d-----w- c:\programdata\Browser Manager
    2012-08-26 16:31 . 2012-08-26 16:28 651360 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_532\uninstall.exe
    2012-08-26 16:30 . 2012-08-26 16:28 651360 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe
    2012-08-26 16:30 . 2012-08-26 16:52 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe
    2012-08-26 16:30 . 2012-09-04 02:33 -------- d-----w- c:\users\Hitman\AppData\Roaming\PerformerSoft
    2012-08-26 16:30 . 2012-08-26 16:28 651360 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_568\uninstall.exe
    2012-08-26 16:29 . 2012-03-14 19:47 19000 ----a-w- c:\windows\system32\roboot64.exe
    2012-08-26 16:29 . 2012-08-26 16:52 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe
    2012-08-26 16:29 . 2012-08-26 16:28 651360 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe
    2012-08-17 07:02 . 2012-06-29 03:49 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-15 20:29 . 2012-08-15 20:29 -------- d-----w- c:\programdata\WEBREG
    2012-08-15 20:26 . 2009-04-16 18:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
    2012-08-15 20:21 . 2012-08-15 20:29 -------- d-----w- c:\users\Hitman\AppData\Roaming\HP
    2012-08-15 20:20 . 2012-08-15 20:20 -------- d-----w- c:\program files (x86)\Coupons
    2012-08-15 20:19 . 2012-09-01 18:34 -------- d-----w- c:\users\Hitman\AppData\Roaming\HpUpdate
    2012-08-15 20:06 . 2012-08-15 20:06 -------- d-----w- c:\users\Hitman\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-15 20:05 . 2012-09-05 12:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-08-15 20:05 . 2012-08-15 20:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-08-15 20:00 . 2012-08-15 20:00 -------- d-----w- c:\programdata\HP Product Assistant
    2012-08-15 19:59 . 2012-08-15 19:59 -------- d-----w- c:\program files (x86)\Common Files\HP
    2012-08-15 19:59 . 2012-08-15 19:59 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2012-08-15 19:57 . 2009-04-16 18:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
    2012-08-15 19:56 . 2012-08-15 19:56 -------- d-----w- c:\program files\HP
    2012-08-15 19:46 . 2012-08-15 20:29 -------- d-----w- c:\programdata\HP
    2012-08-15 19:46 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
    2012-08-15 19:46 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_p02c.dll
    2012-08-15 19:46 . 2009-02-11 11:03 1403904 ----a-w- c:\windows\system32\hpost_p02c.dll
    2012-08-15 19:46 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
    2012-08-15 19:46 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_p02a.dll
    2012-08-15 02:29 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
    2012-08-15 02:29 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 02:29 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 02:29 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 02:26 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 02:26 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 02:25 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 02:25 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 02:25 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 02:25 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 02:25 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 02:24 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 20:25 . 2012-06-05 16:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 20:25 . 2012-03-09 18:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 02:04 . 2012-07-21 02:05 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
    2012-07-21 02:04 . 2012-07-21 02:05 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
    2012-07-21 02:04 . 2012-07-21 02:05 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
    2012-07-21 02:04 . 2012-07-21 02:05 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2012-07-21 02:04 . 2012-07-21 02:05 400168 ----a-w- c:\windows\system32\SynCOM.dll
    2012-07-21 02:04 . 2012-07-21 02:05 271144 ----a-w- c:\windows\system32\SynCtrl.dll
    2012-07-21 02:04 . 2012-07-21 02:05 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
    2012-07-21 02:04 . 2012-07-21 02:05 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
    2012-06-14 07:15 . 2012-03-09 17:20 58957832 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "Facebook Update"="c:\users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-05 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [2010-04-14 243544]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2006-06-21 35328]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~3\BROWSE~1\22580~1.182\{16CDF~1\brwmngr.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-31 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [2012-08-26 1695776]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 20:25]
    .
    2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    - c:\users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 01:52]
    .
    2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    - c:\users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 01:52]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    - c:\users\Hitman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 17:57]
    .
    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    - c:\users\Hitman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 17:57]
    .
    2012-09-08 c:\windows\Tasks\HPCeeScheduleForHitman.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=HP_ss&mntrId=eebd28f90000000000001c659d04fb3e
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_ss&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=eebd28f90000000000001c659d04fb3e&q=
    FF - user.js: extensions.BabylonToolbar.id - eebd28f90000000000001c659d04fb3e
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15578
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:30
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110396&tt=201208_mnt_n_3412_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    BHO-{D1ECD019-8423-43de-98D1-7892AF2DA309} - c:\users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-10 - (no file)
    Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
    Wow6432Node-HKCU-Run-PC Speed Maximizer - c:\program files (x86)\PC Speed Maximizer\SPMStarter.exe
    Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
    Toolbar-10 - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.7.2.3\InstStub.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\SysWOW64\schtasks.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-09 20:50:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-10 00:50
    .
    Pre-Run: 175,134,965,760 bytes free
    Post-Run: 174,757,634,048 bytes free
    .
    - - End Of File - - 0B91DC7AF121D900244E1BC7B2F4DC36
  16. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      atapi.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  17. djhitman

    djhitman TS Member Topic Starter Posts: 52

    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:24 on 09/09/2012 by Hitman
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "atapi.sys"
    C:\Windows\erdnt\cache64\atapi.sys --a---- 24128 bytes [00:48 10/09/2012] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\System32\drivers\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
    -= EOF =-
  18. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    All files have the very same MD5.
    I don't see any replacement.

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload the following files to http://www.virustotal.com/ for security check:
    - C:\Windows\System32\drivers\atapi.sys
    If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.
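The comparison made in the post above (every copy of atapi.sys carries the same MD5, so nothing was replaced) can be run mechanically over a SystemLook `:filefind` log. This is an added example, not part of the thread and not SystemLook's own code; the function names, the choice of the winsxs and DriverStore copies as reference copies, and the second sample are assumptions or constructed for illustration.

```python
import re
from collections import defaultdict

# One SystemLook ":filefind" result line, laid out as in the log above:
#   <path> <attributes> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Assumption of this example: copies under these directories serve as references.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")

LIVE_DRIVER = r"C:\Windows\System32\drivers\atapi.sys"

# Four result lines taken from the SystemLook log posted in the thread.
PAGE_SAMPLE = r"""
Searching for "atapi.sys"
C:\Windows\erdnt\cache64\atapi.sys --a---- 24128 bytes [00:48 10/09/2012] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
-= EOF =-
"""

# CONSTRUCTED sample: the live driver's size and MD5 are made-up placeholder
# values, showing what a replaced file would look like in the same log format.
CONSTRUCTED_SAMPLE = r"""
C:\Windows\System32\drivers\atapi.sys --a---- 31744 bytes [23:19 13/07/2009] [02:10 03/09/2012] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
"""


def parse_filefind(text):
    """Return one record per result line; headers and '-= EOF =-' are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"path": m["path"],
                            "size": int(m["size"]),
                            "md5": m["md5"].lower()})
    return records


def group_by_md5(records):
    """Map each distinct MD5 to the paths that carry it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def assess(records, live_path):
    """Compare the live file's (MD5, size) with the reference copies in the log."""
    live = next((r for r in records if r["path"].lower() == live_path.lower()), None)
    if live is None:
        return {"verdict": "missing", "live_md5": None}
    refs = {(r["md5"], r["size"]) for r in records
            if any(d in r["path"].lower() for d in REFERENCE_DIRS)}
    if not refs:
        verdict = "no-reference"
    elif (live["md5"], live["size"]) in refs:
        verdict = "match"
    else:
        verdict = "differs"
    return {"verdict": verdict, "live_md5": live["md5"]}


if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        recs = parse_filefind(sample)
        print(name, assess(recs, LIVE_DRIVER), len(group_by_md5(recs)), "distinct MD5(s)")
```

The path ComboFix reported, c:\windows\SysWow64\Drivers\atapi.sys, does not appear in the SystemLook results, so `assess()` returns "missing" for it. A "match" only says the live driver equals the reference copies as read on the running system, which is why the thread follows it with a VirusTotal upload of the same file.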
  19. djhitman

    djhitman TS Member Topic Starter Posts: 52

    I changed the folder options, like instructed.. but when I open up the virustotal web site, the hidden files do not show up when I browse for them, so I can't select the file to scan!
  20. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Are you sure you enabled SYSTEM files view?
  21. djhitman

    djhitman TS Member Topic Starter Posts: 52

    Yes, I did both steps.. Those files show up in windows explorer, just not when I have to browse from the site.
  22. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Copy the file to your desktop and upload it from there.
  23. djhitman

    djhitman TS Member Topic Starter Posts: 52

    SHA256: 0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273
    SHA1: 954d59eaeadc36cb19a224a5dddfa1edcfdc49ce
    MD5: 02062c0b390b7729edc9e69c680a6f3c
    File size: 23.6 KB ( 24128 bytes )
    File name: atapi.sys
    File type: unknown
    Detection ratio: 0 / 41
    Analysis date: 2012-09-11 19:46:18 UTC ( 0 minutes ago )
    Antivirus  Result  Update
    AhnLab-V3 - 20120910
    AntiVir - 20120910
    Antiy-AVL - 20120910
    Avast - 20120910
    AVG - 20120910
    BitDefender - 20120910
    ByteHero - 20120907
    CAT-QuickHeal - 20120910
    ClamAV - 20120910
    Commtouch - 20120909
    Comodo - 20120910
    DrWeb - 20120910
    Emsisoft - 20120910
    eSafe - 20120907
    ESET-NOD32 - 20120910
    F-Prot - 20120909
    F-Secure - 20120910
    Fortinet - 20120830
    GData - 20120910
    Ikarus - 20120910
    Jiangmin - 20120910
    K7AntiVirus - 20120907
    Kaspersky - 20120910
    McAfee - 20120910
    McAfee-GW-Edition - 20120910
    Microsoft - 20120910
    Norman - 20120909
    nProtect - 20120910
    Panda - 20120910
    Rising - 20120910
    Sophos - 20120910
    SUPERAntiSpyware - 20120910
    Symantec - 20120910
    TheHacker - 20120910
    TotalDefense - 20120910
    TrendMicro - 20120910
    TrendMicro-HouseCall - 20120910
    VBA32 - 20120910
    VIPRE - 20120910
    ViRobot - 20120910
    VirusBuster - 20120910
  24. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Very well.
    It looks like Combofix was wrong.

    How is the computer doing?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  25. djhitman

    djhitman TS Member Topic Starter Posts: 52

    OTL logfile created on: 9/11/2012 8:23:36 PM - Run 2
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Hitman\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.71% Memory free
    3.87 Gb Paging File | 2.59 Gb Available in Paging File | 66.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.44 Gb Total Space | 163.46 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
    Drive D: | 16.14 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
    Drive F: | 3.76 Gb Total Space | 3.22 Gb Free Space | 85.65% Space Free | Partition Type: FAT32

    Computer Name: HITMAN-HP | User Name: Hitman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/11 20:10:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    PRC - [2012/09/03 23:18:53 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/11/02 00:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
    PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/13 23:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
    PRC - [2006/06/21 13:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/26 13:01:45 | 002,046,496 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.dll
    MOD - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    MOD - [2006/06/21 13:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/04/19 21:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/03 23:18:53 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe -- (Browser Manager)
    SRV - [2012/08/15 16:25:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Start_Pending] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/03 23:18:56 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/07/20 22:04:51 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/22 21:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/04 23:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKLM\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes,DefaultScope = {45B8B8C8-FF91-400B-B28C-B7FDA1A8269D}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=eebd28f90000000000001c659d04fb3e
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/ble...120520D7CE4FC6B8BCC4AECA7D503C&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{45B8B8C8-FF91-400B-B28C-B7FDA1A8269D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...2f7094a6156&lang=en&ds=AVG&pr=pr&d=2012-06-19 07:41:52&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{D7A16101-E9C7-4369-BC7B-A9030ED8C0CB}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=11...HP_ss&mntrId=eebd28f90000000000001c659d04fb3e"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I'm Feeling Lucky&ie=UTF-8&oe=UTF-8&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hitman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/08/17 04:56:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/17 04:56:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_12_1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/15 16:19:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 11:22:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/15 16:19:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles/zly12i6x.default\extensions\specialsavings@superfish.com [2012/08/26 12:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/26 13:01:45 | 000,000,000 | ---D | M]

    [2012/05/19 14:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Extensions
    [2012/09/03 22:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions
    [2012/09/03 22:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}
    [2012/08/26 12:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\ffxtlbr@babylon.com
    [2012/08/26 12:29:45 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\specialsavings@superfish.com
    [2012/08/26 12:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\staged
    [2012/06/05 11:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7\
    [2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/03 23:18:37 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/08/26 12:30:37 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

