TechSpot

Need help with System Check virus

By codyb
Jan 9, 2012
  1. Hey,

    I have seen that some others have been getting some help after getting the system check virus.

    I don't even know how i got this virus i just opened up my firefox and it seemed to hit me!

    Now all of my programs and folders are gone, it is saying I am having hardware issues and i have a black screen!

    Please would somebody be able to help me I would greatly appreciate it!!!

    Thanks,
    Cody
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Start with this guide: http://www.bleepingcomputer.com/virus-removal/remove-system-check
     
  3. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Hey Broni,

    thank you so much for the reply!

    I have started following the guide and am now currently scanning my computer with malwarebytes.

    The only issue I have had so far is that i wasn't able to open the tdsskiller so i skipped that step as i haven't really seemed to have any problems with being redirected so far.

    should i still try and use tdsskiller ? i tried renaming it as 123.com and also as iexplorer.com

    i look forward to your reply,

    thanks,
    cody
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Don't worry about TDSSKiller for now.
     
  5. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Here are the results from my mbam scan:



    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.09.06

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Cody Brown :: CODY-BROWN [administrator]

    Protection: Disabled

    10/01/2012 3:27:55 AM
    mbam-log-2012-01-10 (03-27-55).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 622599
    Time elapsed: 1 hour(s), 15 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uEwKkQfYkoLVFj.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\ProgramData\MthmvJ2ZzQZitD.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Cody Brown\Documents\Laptop Folder\cody\unzipped\ventrilo-2.1.4-Windows-i386\ventrilo-2.1.4-Windows-i386.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Cody Brown\Documents\Laptop Folder\cody\unzipped\zmdwm801\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

    (end)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post it's contents as you would any other log.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Thank You soooooooooo much for helping me broni :)


    Here is the dds file:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by Cody Brown at 9:56:58 on 2012-01-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4087.3093 [GMT 11:00]
    .
    AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    uInternet Settings,ProxyServer = 0.0.0.0:80
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917024201.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [MyWirelessCard] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\WirelessCard.exe
    uRun: [MyDetectWireless] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe
    uRun: [Google Update] "C:\Users\Cody Brown\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Akamai NetSession Interface] "C:\Users\Cody Brown\AppData\Local\Akamai\netsession_win.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
    mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\CODYBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cody Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.169.1
    TCP: Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B} : DhcpNameServer = 192.168.169.1
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\34F6469725F636B637121212 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\34F64697723702E4564777F627B6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\940786F6E65637 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\940786F6E65637 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\C696E6B6379737 : DhcpNameServer = 139.130.4.4 203.50.2.71
    TCP: Interfaces\{AA4B0376-B043-4BC3-A85A-8E68168899C8} : DhcpNameServer = 139.130.4.4 203.50.2.71
    TCP: Interfaces\{AC4C6B1E-7835-4B6B-B993-F931CAA47AC7} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C9AC704B-92F7-4E1D-9DEB-3B90B1FC81A3} : DhcpNameServer = 211.29.132.12 61.88.88.88
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917024201.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
    mRun-x64: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    Hosts: 255.255.255.255 easyanticheat.se # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
    Hosts: 255.255.255.255 easyanticheat.com # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
    Hosts: 255.255.255.255 easyanticheat.org # misleading site
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\
    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Users\Cody Brown\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Cody Brown\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-17 13336]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-10 652872]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
    S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-4 199008]
    S2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-12-15 291064]
    S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-6-15 109168]
    S2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-12-15 291064]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-27 2320920]
    S2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
    S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2010-6-27 167936]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
    S3 bsusbser;Basecom USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\bsusbser.sys [2010-8-8 113664]
    S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
    S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-09 21:50:23 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
    2012-01-09 21:50:03 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
    2012-01-09 16:20:01 -------- d-----w- C:\FRST
    2012-01-09 16:03:35 -------- d-----w- C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
    2012-01-09 16:03:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-09 16:03:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 14:27:22 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
    2012-01-09 14:27:08 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
    2012-01-09 02:45:11 -------- d-----w- C:\Users\Cody Brown\.freemind
    2012-01-09 02:44:53 -------- d-----w- C:\Program Files (x86)\FreeMind
    2012-01-05 15:14:10 -------- d-----w- C:\Program Files (x86)\Market Samurai
    2012-01-03 04:46:36 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-01-03 04:46:35 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-03 04:46:34 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2012-01-03 04:46:34 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2012-01-03 04:46:34 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-03 04:46:34 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2012-01-03 04:46:34 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-03 04:46:34 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-03 04:46:34 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2012-01-03 04:46:34 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2012-01-03 04:46:34 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2012-01-03 04:46:34 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2012-01-03 04:39:39 -------- d-----w- C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
    2012-01-03 04:39:32 -------- d-----w- C:\Program Files (x86)\KeywordBlaze
    2011-12-26 11:15:59 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
    2011-12-26 11:15:32 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
    2011-12-16 00:16:33 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut
    2011-12-15 22:50:04 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
    2011-12-15 22:49:52 -------- d-----w- C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
    2011-12-14 21:20:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-14 21:20:49 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-14 21:20:47 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-14 21:20:47 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-14 21:20:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-14 21:20:45 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2012-01-01 22:27:21 72080 ----a-w- C:\Users\Cody Brown\g2mdlhlpx.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-28 01:14:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-19 11:14:52 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-12 05:16:36 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-10-12 05:16:22 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-12 05:14:54 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    .
    ============= FINISH: 10:05:35.93 ===============
     
  8. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Here is the attach file log:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/06/2010 5:08:09 PM
    System Uptime: 10/01/2012 9:27:09 AM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | Socket 1156 | 2931/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 459 GiB total, 170.201 GiB free.
    D: is FIXED (NTFS) - 459 GiB total, 458.769 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP144: 16/12/2011 4:00:11 AM - Windows Update
    RP145: 27/12/2011 3:00:38 AM - Scheduled Checkpoint
    RP146: 3/01/2012 3:10:01 AM - Scheduled Checkpoint
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 255.255.255.255 easyanticheat.se # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
    Hosts: 255.255.255.255 easyanticheat.com # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
    Hosts: 255.255.255.255 easyanticheat.org # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
    .
    ==== Installed Programs ======================
    .
    Acer eDisplay Management
    ACID Pro 7.0
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.4 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Template Projects & Footage
    Adobe After Effects CS3 Third Party Content
    Adobe After Effects CS5
    Adobe After Effects CS5 Third Party Content
    Adobe After Effects CS5 Third Party Royalty Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe Encore CS3 Library
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9.1 MUI
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Soundbooth CS3 Scores
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advertising Center
    AHV content for Acrobat and Flash
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alice Greenfingers
    Amazonia
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    ATI Catalyst Registration
    AviSynth 2.5
    Battlefield Heroes
    BlogMe
    Call of Duty 4: Modern Warfare
    Call of Duty: Black Ops
    Camtasia Studio 7
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Chicken Invaders 2
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.1
    Counter-Strike: Source
    Crazy John's Broadband
    D-Link DWA-131 Wireless N Nano USB Adapter
    D3DX10
    Dairy Dash
    Dream Day First Home
    Dropbox
    e-tax 2011
    eSobi v2
    Express Burn Disc Burning Software
    Express Rip
    Farm Frenzy 2
    First Class Flurry
    FreeMind
    FrostWire 4.21.5
    FXCM Trading Station
    Global Agenda
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    Granny In Paradise
    Heroes of Hellas
    Hotkey Utility
    HydraVision
    Identity Card
    ImagXpress
    Infix 4.30
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Invoice2go 4.0
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Keyword Blaze
    LimeWire 5.5.14
    Malwarebytes Anti-Malware version 1.60.0.1800
    Market Samurai
    MarketMeSuite
    McAfee Browser Protection Service
    McAfee SiteAdvisor Enterprise Plus
    McAfee Virus and Spyware Protection Service
    Merriam Websters Spell Jam
    Microsoft Office 2000 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIRC
    MixPad Audio Mixer
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble 1.2.3
    MYOB BusinessBasics v1
    MyWinLocker
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Norton Online Backup
    NVIDIA PhysX
    Opera 11.60
    PDF Settings
    Pivot Pro Plugin
    PunkBuster Services
    Quake Live Mozilla Plugin
    Quick and Dirty IMAP Mail Reader
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RunRev LiveCode 4.6.3
    Safari
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Skype™ 5.5
    Steam
    System Requirements Lab
    Team Fortress 2
    The Lord of the Rings FREE Trial
    TidySongs
    TidySongs (remove only)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Ventrilo Client
    VentriloMIX
    Videora iPhone Converter 6
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 x64 Runtime Setup Package
    Visual C++ 8.0 x86 Runtime Setup Package
    VLC media player 1.1.10
    Warsow 0.5
    WavePad Sound Editor
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Xilisoft iPhone Video Converter 6
    Your Local Shortcut
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/01/2012 9:28:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/01/2012 9:28:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/01/2012 9:27:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/01/2012 9:27:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/01/2012 9:27:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/01/2012 9:27:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/01/2012 9:27:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr sptd Wanarpv6
    10/01/2012 9:27:12 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/01/2012 8:51:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    10/01/2012 8:50:48 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    10/01/2012 8:50:48 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    10/01/2012 2:44:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    10/01/2012 2:42:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    10/01/2012 10:05:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    .
    ==== End Of File ===========================
     
  9. codyb

    codyb TS Rookie Topic Starter Posts: 25

    I keep trying to run aswMBR and it looks like it is about to open up and then nothing happens :/

    do you know why this could be ?

    cheers,
    cody
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  11. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`71500000

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  13. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Cody Brown at 2012-01-10 10:46:39
    Running from C:\Users\Cody Brown\Downloads
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-10 10:33 - 2012-01-10 10:33 - 0000000 ____D C:\Users\Cody Brown\Downloads\bootkit_remover
    2012-01-10 10:32 - 2012-01-10 10:32 - 0059237 ____A C:\Users\Cody Brown\Desktop\bootkit.htm
    2012-01-10 10:32 - 2012-01-10 10:32 - 0044607 ____A C:\Users\Cody Brown\Downloads\bootkit_remover.zip
    2012-01-10 10:11 - 2012-01-10 10:11 - 4713472 ____A (AVAST Software) C:\Users\Cody Brown\Desktop\aswMBR.exe
    2012-01-10 09:56 - 2012-01-10 09:56 - 0607260 ____R (Swearware) C:\Users\Cody Brown\Downloads\dds.scr
    2012-01-10 09:40 - 2012-01-10 09:40 - 0302592 ____A C:\Users\Cody Brown\Downloads\0yn2u37y.exe
    2012-01-10 09:22 - 2012-01-10 09:23 - 0607260 ____A (Swearware) C:\Users\Cody Brown\Desktop\dds.scr
    2012-01-10 09:11 - 2012-01-06 02:14 - 0000935 ____A C:\Users\Public\Desktop\Market Samurai.lnk
    2012-01-10 09:11 - 2012-01-03 15:46 - 0001146 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-01-10 09:11 - 2012-01-03 15:39 - 0000915 ____A C:\Users\Public\Desktop\KeywordBlaze.lnk
    2012-01-10 09:11 - 2011-12-16 11:16 - 0001144 ____A C:\Users\Public\Desktop\Your Local Shortcut.lnk
    2012-01-10 09:11 - 2011-10-18 23:45 - 0000875 ____A C:\Users\Public\Desktop\Ventrilo.lnk
    2012-01-10 09:11 - 2011-10-04 00:58 - 0001018 ____A C:\Users\Public\Desktop\Mumble.lnk
    2012-01-10 09:11 - 2011-08-26 22:09 - 0001176 ____A C:\Users\Public\Desktop\LiveCode 4.6.3.lnk
    2012-01-10 09:11 - 2011-08-20 21:35 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-01-10 09:11 - 2011-08-13 21:39 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-01-10 09:11 - 2011-08-13 21:23 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-01-10 09:11 - 2011-08-13 21:19 - 0001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-01-10 09:11 - 2011-07-15 20:59 - 0001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-01-10 09:11 - 2011-06-15 11:28 - 0002049 ____A C:\Users\Public\Desktop\Acer eDisplay Management.lnk
    2012-01-10 09:11 - 2011-03-15 14:58 - 0001525 ____A C:\Users\Public\Desktop\MYOB BusinessBasics v1.lnk
    2012-01-10 09:11 - 2011-02-14 20:08 - 0001998 ____A C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    2012-01-10 09:11 - 2011-02-02 19:36 - 0001837 ____A C:\Users\Public\Desktop\Opera.lnk
    2012-01-10 09:11 - 2011-01-04 20:45 - 0002218 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
    2012-01-10 09:11 - 2011-01-04 20:45 - 0002204 ____A C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
    2012-01-10 09:11 - 2011-01-04 20:08 - 0001940 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
    2012-01-10 09:11 - 2010-11-30 12:59 - 0000959 ____A C:\Users\Public\Desktop\mIRC.lnk
    2012-01-10 09:11 - 2010-11-30 12:13 - 0001189 ____A C:\Users\Public\Desktop\Warsow.lnk
    2012-01-10 09:11 - 2010-11-04 15:26 - 0001172 ____A C:\Users\Public\Desktop\Camtasia Studio 7.lnk
    2012-01-10 09:11 - 2010-10-10 17:10 - 0002186 ____A C:\Users\Public\Desktop\Xilisoft iPhone Video Converter 6.lnk
    2012-01-10 09:11 - 2010-09-01 10:49 - 0000851 ____A C:\Users\Public\Desktop\BlogMe.lnk
    2012-01-10 09:11 - 2010-08-31 17:26 - 0001930 ____A C:\Users\Public\Desktop\ACID Pro 7.0.lnk
    2012-01-10 09:11 - 2010-08-27 22:29 - 0001063 ____A C:\Users\Public\Desktop\MarketMeSuite.lnk
    2012-01-10 09:11 - 2010-08-17 16:22 - 0001127 ____A C:\Users\Public\Desktop\MixPad Audio Mixer.lnk
    2012-01-10 09:11 - 2010-08-17 16:21 - 0001141 ____A C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    2012-01-10 09:11 - 2010-08-08 17:43 - 0002166 ____A C:\Users\Public\Desktop\Crazy John's Broadband.lnk
    2012-01-10 09:11 - 2010-07-06 13:58 - 0000977 ____A C:\Users\Public\Desktop\Core FTP Lite.lnk
    2012-01-10 09:11 - 2010-06-27 22:40 - 0000921 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-01-10 09:11 - 2010-06-27 18:18 - 0000958 ____A C:\Users\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    2012-01-10 09:11 - 2010-06-27 18:18 - 0000952 ____A C:\Users\Public\Desktop\Wireless Connection Manager.lnk
    2012-01-10 09:11 - 2009-11-27 04:52 - 0002752 ____A C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    2012-01-10 09:11 - 2009-07-14 15:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
    2012-01-10 09:07 - 2012-01-10 09:06 - 0302592 ____A C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
    2012-01-10 08:56 - 2012-01-10 08:54 - 0684297 ____A C:\Users\Cody Brown\Desktop\unhide.exe
    2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
    2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
    2012-01-10 03:20 - 2012-01-10 10:46 - 0000000 ____D C:\FRST
    2012-01-10 03:19 - 2012-01-10 03:19 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64.exe
    2012-01-10 03:04 - 2012-01-10 03:04 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-10 03:03 - 2012-01-10 03:24 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-10 03:02 - 2012-01-10 03:02 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Cody Brown\Desktop\mbam-setup.exe
    2012-01-10 02:56 - 2012-01-10 02:56 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Desktop\iexplore.com.exe
    2012-01-10 02:55 - 2012-01-10 02:55 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Downloads\tdsskiller.exe
    2012-01-10 02:49 - 2012-01-10 02:50 - 0000505 ____A C:\rkill.log
    2012-01-10 02:47 - 2012-01-10 02:46 - 1008141 ____A C:\Users\Cody Brown\Desktop\iExplore (1).exe
    2012-01-10 02:45 - 2012-01-10 02:46 - 1008141 ____A C:\Users\Cody Brown\Downloads\iExplore.exe
    2012-01-10 02:39 - 2012-01-10 09:28 - 0351894 ____A C:\Windows\ntbtlog.txt
    2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
    2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
    2012-01-10 01:11 - 2012-01-10 01:11 - 0000657 ____A C:\Users\Cody Brown\Desktop\System Check.lnk
    2012-01-09 13:45 - 2012-01-09 13:46 - 0000000 ____D C:\Users\Cody Brown\.freemind
    2012-01-09 13:44 - 2012-01-09 13:44 - 0001893 ____A C:\Users\Cody Brown\Desktop\FreeMind.lnk
    2012-01-09 13:44 - 2012-01-09 13:44 - 0000000 ____D C:\Program Files (x86)\FreeMind
    2012-01-09 13:42 - 2012-01-09 13:42 - 0102967 ____A C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
    2012-01-09 11:34 - 2012-01-09 11:34 - 0344254 ____A C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
    2012-01-08 13:53 - 2012-01-08 14:21 - 0128000 ____A C:\Users\Cody Brown\Desktop\treatment for constipation.msam
    2012-01-07 16:34 - 2012-01-07 16:45 - 0082944 ____A C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
    2012-01-07 15:12 - 2012-01-07 15:21 - 0150528 ____A C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
    2012-01-06 02:14 - 2012-01-06 02:14 - 0000000 ____D C:\Program Files (x86)\Market Samurai
    2012-01-03 15:43 - 2012-01-03 15:45 - 15292208 ____A (Mozilla) C:\Users\Cody Brown\Downloads\Firefox Setup 9.0.1.exe
    2012-01-03 15:40 - 2012-01-04 12:29 - 0023552 ____A C:\Users\Cody Brown\Documents\My First Workspace.kwbz
    2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
    2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Program Files (x86)\KeywordBlaze
    2011-12-26 22:15 - 2011-12-26 22:16 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
    2011-12-26 22:15 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
    2011-12-20 11:25 - 2011-12-20 11:26 - 1350660 ____A C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
    2011-12-20 11:22 - 2011-12-20 11:22 - 0070071 ____A C:\Users\Cody Brown\Desktop\Art8_BestProteinShakesforWomen.doc.pdf
    2011-12-20 11:15 - 2011-12-20 11:16 - 0185398 ____A C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
    2011-12-19 14:00 - 2011-12-19 14:00 - 1958728 ____A C:\Users\Cody Brown\Downloads\SCAN0149.JPG
    2011-12-18 10:48 - 2011-12-18 10:48 - 0027136 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri Building.doc
    2011-12-17 17:08 - 2011-12-17 17:08 - 0011776 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.doc
    2011-12-16 19:59 - 2011-12-16 19:59 - 0028195 ____A C:\Users\Cody Brown\Desktop\marketing-expert.jpg
    2011-12-16 11:16 - 2011-12-16 11:16 - 0000000 ____D C:\Program Files (x86)\ Your Local Shortcut
    2011-12-16 09:50 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
    2011-12-16 09:49 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
    2011-12-16 04:01 - 2011-11-04 13:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-16 04:01 - 2011-11-04 12:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-16 04:01 - 2011-11-04 12:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-16 04:01 - 2011-11-04 12:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-16 04:01 - 2011-11-04 12:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-16 04:01 - 2011-11-04 12:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-16 04:01 - 2011-11-04 12:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-16 04:01 - 2011-11-04 12:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-16 04:01 - 2011-11-04 12:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-16 04:01 - 2011-11-04 12:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-16 04:01 - 2011-11-04 12:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-16 04:01 - 2011-11-04 12:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-16 04:01 - 2011-11-04 12:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-16 04:01 - 2011-11-04 10:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-16 04:01 - 2011-11-04 09:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-16 04:01 - 2011-11-04 09:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-16 04:01 - 2011-11-04 09:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-16 04:01 - 2011-11-04 09:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-16 04:01 - 2011-11-04 09:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-16 04:01 - 2011-11-04 09:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-16 04:01 - 2011-11-04 09:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-16 04:01 - 2011-11-04 09:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-16 04:01 - 2011-11-04 09:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-16 04:01 - 2011-11-04 09:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-16 04:01 - 2011-11-04 09:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-16 04:01 - 2011-11-04 09:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-15 08:20 - 2011-11-24 15:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-15 08:20 - 2011-11-05 16:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-15 08:20 - 2011-11-05 15:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-15 08:20 - 2011-10-26 16:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-15 08:20 - 2011-10-15 17:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-15 08:20 - 2011-10-15 16:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-12-14 17:43 - 2011-12-20 15:51 - 0018944 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
    2011-12-14 16:55 - 2011-12-14 16:55 - 0015360 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
    2011-12-14 16:45 - 2011-12-14 16:45 - 2049467 ____A C:\Users\Cody Brown\Desktop\Capri.pdf
    2011-12-12 20:29 - 2011-12-12 20:29 - 2673928 ____A (EasyAntiCheat Solutions) C:\Users\Cody Brown\Downloads\EasyAntiCheat.exe
    2011-12-11 02:24 - 2011-12-11 02:24 - 0590794 ____A C:\Users\Cody Brown\Desktop\Untitled-1 copy.jpg


    ============ 3 Months Modified Files and Folders =============

    2012-01-10 10:46 - 2012-01-10 10:46 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64 (1).exe
    2012-01-10 10:46 - 2012-01-10 03:20 - 0000000 ____D C:\FRST
    2012-01-10 10:33 - 2012-01-10 10:33 - 0000000 ____D C:\Users\Cody Brown\Downloads\bootkit_remover
    2012-01-10 10:32 - 2012-01-10 10:32 - 0059237 ____A C:\Users\Cody Brown\Desktop\bootkit.htm
    2012-01-10 10:32 - 2012-01-10 10:32 - 0044607 ____A C:\Users\Cody Brown\Downloads\bootkit_remover.zip
    2012-01-10 10:11 - 2012-01-10 10:11 - 4713472 ____A (AVAST Software) C:\Users\Cody Brown\Desktop\aswMBR.exe
    2012-01-10 09:56 - 2012-01-10 09:56 - 0607260 ____R (Swearware) C:\Users\Cody Brown\Downloads\dds.scr
    2012-01-10 09:40 - 2012-01-10 09:40 - 0302592 ____A C:\Users\Cody Brown\Downloads\0yn2u37y.exe
    2012-01-10 09:33 - 2009-07-14 16:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-10 09:28 - 2012-01-10 02:39 - 0351894 ____A C:\Windows\ntbtlog.txt
    2012-01-10 09:27 - 2007-10-11 06:48 - 3214479360 __ASH C:\hiberfil.sys
    2012-01-10 09:26 - 2007-10-11 06:52 - 1368477 ____A C:\Windows\WindowsUpdate.log
    2012-01-10 09:25 - 2010-06-27 19:35 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Skype
    2012-01-10 09:23 - 2012-01-10 09:22 - 0607260 ____A (Swearware) C:\Users\Cody Brown\Desktop\dds.scr
    2012-01-10 09:17 - 2010-09-02 11:31 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000UA.job
    2012-01-10 09:06 - 2012-01-10 09:07 - 0302592 ____A C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
    2012-01-10 09:02 - 2010-06-27 18:38 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-01-10 08:56 - 2009-07-14 15:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-10 08:56 - 2009-07-14 15:45 - 0014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-10 08:54 - 2012-01-10 08:56 - 0684297 ____A C:\Users\Cody Brown\Desktop\unhide.exe
    2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
    2012-01-10 08:50 - 2012-01-10 08:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
    2012-01-10 08:49 - 2010-08-08 17:44 - 0000943 ____A C:\Windows\WirelessCard.INI
    2012-01-10 08:49 - 2010-06-27 22:14 - 0000000 ____D C:\Program Files (x86)\Steam
    2012-01-10 08:49 - 2010-06-27 18:24 - 0000000 ____D C:\Users\Cody Brown\Tracing
    2012-01-10 08:48 - 2010-06-27 18:38 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-01-10 08:48 - 2009-11-27 04:58 - 0817112 ____A C:\Windows\PFRO.log
    2012-01-10 08:48 - 2009-07-14 16:08 - 0000006 ____A C:\Windows\Tasks\SA.DAT
    2012-01-10 08:48 - 2009-07-14 15:51 - 0105467 ____A C:\Windows\setupact.log
    2012-01-10 03:24 - 2012-01-10 03:03 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-10 03:19 - 2012-01-10 03:19 - 1379209 ____A C:\Users\Cody Brown\Downloads\FRST64.exe
    2012-01-10 03:04 - 2012-01-10 03:04 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2012-01-10 03:03 - 2012-01-10 03:03 - 0000000 ____D C:\ProgramData\Malwarebytes
    2012-01-10 03:02 - 2012-01-10 03:02 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\Cody Brown\Desktop\mbam-setup.exe
    2012-01-10 02:56 - 2012-01-10 02:56 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Desktop\iexplore.com.exe
    2012-01-10 02:55 - 2012-01-10 02:55 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Cody Brown\Downloads\tdsskiller.exe
    2012-01-10 02:50 - 2012-01-10 02:49 - 0000505 ____A C:\rkill.log
    2012-01-10 02:46 - 2012-01-10 02:47 - 1008141 ____A C:\Users\Cody Brown\Desktop\iExplore (1).exe
    2012-01-10 02:46 - 2012-01-10 02:45 - 1008141 ____A C:\Users\Cody Brown\Downloads\iExplore.exe
    2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
    2012-01-10 01:27 - 2012-01-10 01:27 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
    2012-01-10 01:11 - 2012-01-10 01:11 - 0000657 ____A C:\Users\Cody Brown\Desktop\System Check.lnk
    2012-01-10 00:36 - 2011-10-04 16:19 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Mumble
    2012-01-09 23:20 - 2010-07-06 13:59 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\CoreFTP
    2012-01-09 13:46 - 2012-01-09 13:45 - 0000000 ____D C:\Users\Cody Brown\.freemind
    2012-01-09 13:45 - 2010-06-27 18:08 - 0000000 ____D C:\users\Cody Brown
    2012-01-09 13:44 - 2012-01-09 13:44 - 0001893 ____A C:\Users\Cody Brown\Desktop\FreeMind.lnk
    2012-01-09 13:44 - 2012-01-09 13:44 - 0000000 ____D C:\Program Files (x86)\FreeMind
    2012-01-09 13:42 - 2012-01-09 13:42 - 0102967 ____A C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
    2012-01-09 11:34 - 2012-01-09 11:34 - 0344254 ____A C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
    2012-01-09 11:18 - 2010-09-27 18:50 - 0018074 ____A C:\Users\Cody Brown\AppData\Roaming\wklnhst.dat
    2012-01-09 11:18 - 2009-07-14 16:32 - 0000000 ____D C:\Windows\System32\FxsTmp
    2012-01-09 04:17 - 2010-09-02 11:31 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000Core.job
    2012-01-08 14:21 - 2012-01-08 13:53 - 0128000 ____A C:\Users\Cody Brown\Desktop\treatment for constipation.msam
    2012-01-07 20:18 - 2010-09-02 11:40 - 0002432 ____A C:\Users\Cody Brown\Desktop\Google Chrome.lnk
    2012-01-07 16:45 - 2012-01-07 16:34 - 0082944 ____A C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
    2012-01-07 15:21 - 2012-01-07 15:12 - 0150528 ____A C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
    2012-01-06 02:14 - 2012-01-10 09:11 - 0000935 ____A C:\Users\Public\Desktop\Market Samurai.lnk
    2012-01-06 02:14 - 2012-01-06 02:14 - 0000000 ____D C:\Program Files (x86)\Market Samurai
    2012-01-04 12:29 - 2012-01-03 15:40 - 0023552 ____A C:\Users\Cody Brown\Documents\My First Workspace.kwbz
    2012-01-03 18:05 - 2011-04-15 00:22 - 0000000 ____D C:\Program Files (x86)\Ask.com
    2012-01-03 15:46 - 2012-01-10 09:11 - 0001146 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-01-03 15:46 - 2010-06-27 19:25 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-01-03 15:45 - 2012-01-03 15:43 - 15292208 ____A (Mozilla) C:\Users\Cody Brown\Downloads\Firefox Setup 9.0.1.exe
    2012-01-03 15:39 - 2012-01-10 09:11 - 0000915 ____A C:\Users\Public\Desktop\KeywordBlaze.lnk
    2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
    2012-01-03 15:39 - 2012-01-03 15:39 - 0000000 ____D C:\Program Files (x86)\KeywordBlaze
    2012-01-02 09:27 - 2011-04-07 12:06 - 0072080 ____A C:\Users\Cody Brown\g2mdlhlpx.exe
    2011-12-30 15:20 - 2010-06-27 18:22 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Adobe
    2011-12-26 23:11 - 2011-09-19 12:52 - 0000000 ___RD C:\Users\Cody Brown\Dropbox
    2011-12-26 23:11 - 2011-09-19 12:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Dropbox
    2011-12-26 22:16 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
    2011-12-26 22:15 - 2011-12-26 22:15 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
    2011-12-22 20:53 - 2009-07-14 13:34 - 0000402 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-12-20 15:51 - 2011-12-14 17:43 - 0018944 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
    2011-12-20 11:26 - 2011-12-20 11:25 - 1350660 ____A C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
    2011-12-20 11:22 - 2011-12-20 11:22 - 0070071 ____A C:\Users\Cody Brown\Desktop\Art8_BestProteinShakesforWomen.doc.pdf
    2011-12-20 11:16 - 2011-12-20 11:15 - 0185398 ____A C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
    2011-12-20 07:17 - 2011-11-03 11:38 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\Akamai
    2011-12-19 14:00 - 2011-12-19 14:00 - 1958728 ____A C:\Users\Cody Brown\Downloads\SCAN0149.JPG
    2011-12-18 10:48 - 2011-12-18 10:48 - 0027136 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri Building.doc
    2011-12-17 17:08 - 2011-12-17 17:08 - 0011776 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.doc
    2011-12-16 19:59 - 2011-12-16 19:59 - 0028195 ____A C:\Users\Cody Brown\Desktop\marketing-expert.jpg
    2011-12-16 11:16 - 2012-01-10 09:11 - 0001144 ____A C:\Users\Public\Desktop\Your Local Shortcut.lnk
    2011-12-16 11:16 - 2011-12-16 11:16 - 0000000 ____D C:\Program Files (x86)\ Your Local Shortcut
    2011-12-16 09:50 - 2011-12-16 09:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
    2011-12-16 09:50 - 2011-12-16 09:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
    2011-12-16 05:00 - 2009-07-14 14:20 - 0000000 ____D C:\Windows\rescache
    2011-12-16 04:23 - 2009-07-14 15:45 - 5249704 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-16 04:02 - 2010-06-30 10:53 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-14 16:55 - 2011-12-14 16:55 - 0015360 ____A C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
    2011-12-14 16:45 - 2011-12-14 16:45 - 2049467 ____A C:\Users\Cody Brown\Desktop\Capri.pdf
    2011-12-12 20:29 - 2011-12-12 20:29 - 2673928 ____A (EasyAntiCheat Solutions) C:\Users\Cody Brown\Downloads\EasyAntiCheat.exe
    2011-12-11 02:24 - 2011-12-11 02:24 - 0590794 ____A C:\Users\Cody Brown\Desktop\Untitled-1 copy.jpg
    2011-12-10 23:18 - 2011-12-10 23:17 - 0867537 ____A C:\Users\Cody Brown\Desktop\Untitled-1.jpg
    2011-12-10 20:56 - 2011-11-15 15:04 - 0019968 ____A C:\Users\Cody Brown\Desktop\Web Design Creative Brief.wps
    2011-12-08 21:35 - 2011-11-13 11:19 - 0018560 ____A C:\Users\Cody Brown\Desktop\Web Design Creative Brief.docx
    2011-12-08 21:29 - 2010-06-27 18:33 - 0000000 ____D C:\Program Files (x86)\Opera
    2011-12-07 23:26 - 2010-06-27 18:23 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\Google
    2011-12-07 00:10 - 2011-12-07 00:10 - 0122919 ____A C:\Users\Cody Brown\Desktop\caekgaminglogo.jpg
    2011-12-06 11:02 - 2011-12-06 11:02 - 0700715 ____A C:\Users\Cody Brown\Desktop\dotcom.jpg
    2011-12-06 10:39 - 2011-12-06 10:39 - 0196445 ____A C:\Users\Cody Brown\Desktop\example1.jpg
    2011-12-04 10:24 - 2011-12-04 09:40 - 0146432 ____A C:\Users\Cody Brown\Desktop\christmas toys.msam
    2011-12-04 09:41 - 2011-04-15 23:59 - 0150108 ____A C:\Windows\SysWOW64\mlfcache.dat
    2011-12-02 12:55 - 2011-12-02 12:55 - 0025161 ____A C:\Users\Cody Brown\Desktop\Google Place Page Info.pdf
    2011-11-30 10:43 - 2011-11-30 10:38 - 43678872 ____A (RunRev Ltd) C:\Users\Cody Brown\Desktop\LiveCodeInstaller-5_0_0-Windows.exe
    2011-11-27 02:13 - 2011-11-27 02:13 - 0005176 ____A C:\Users\Cody Brown\Desktop\googleplus.png
    2011-11-24 15:52 - 2011-12-15 08:20 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-24 11:51 - 2011-05-27 08:37 - 0000000 ___RD C:\Program Files (x86)\Skype
    2011-11-24 11:50 - 2011-11-24 11:50 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{FAB49005-D699-4310-A81F-7157821DB89F}
    2011-11-24 11:50 - 2011-11-24 11:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{E91DD71F-220F-426E-8C74-836BD723F420}
    2011-11-18 02:19 - 2010-07-05 13:59 - 0000000 ____D C:\Users\All Users\FLEXnet
    2011-11-18 02:19 - 2010-07-05 13:59 - 0000000 ____D C:\ProgramData\FLEXnet
    2011-11-17 11:47 - 2010-07-06 11:42 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Apple Computer
    2011-11-14 18:13 - 2011-11-14 18:13 - 1299028 ____A C:\Users\Cody Brown\Desktop\E-commerce article.zip
    2011-11-13 22:49 - 2011-11-13 22:49 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\YourLocalShorcut
    2011-11-13 22:48 - 2011-11-13 22:48 - 0000000 ____D C:\Users\Cody Brown\Desktop\YourLocalShortcutSetup
    2011-11-13 22:05 - 2011-11-13 22:05 - 0000000 ____D C:\Users\All Users\id Software
    2011-11-13 22:05 - 2011-11-13 22:05 - 0000000 ____D C:\ProgramData\id Software
    2011-11-13 15:45 - 2011-11-13 15:45 - 0672562 ____A C:\Users\Cody Brown\Downloads\DeepPocketsGPS.pdf
    2011-11-12 13:57 - 2011-11-12 13:57 - 0004990 ____A C:\Users\Cody Brown\Desktop\Ex6TenZ.rar
    2011-11-11 09:50 - 2011-11-11 09:50 - 0473838 ____A C:\Users\Cody Brown\Desktop\facebook viral script.zip
    2011-11-11 09:16 - 2011-11-11 09:16 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{ECEC099D-8EF1-4A44-882D-8F8521ADB2B2}
    2011-11-11 04:18 - 2009-07-14 14:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-09 10:26 - 2011-11-09 10:26 - 0300818 ____A C:\Users\Cody Brown\Desktop\flightinvoice.jpg
    2011-11-07 16:57 - 2011-11-07 16:57 - 0009383 ____A C:\Users\Cody Brown\Desktop\BoomAV Inv3089 Studio 8 Web Hosting.pdf
    2011-11-07 14:17 - 2011-11-07 14:17 - 1887320 ____A C:\Users\Cody Brown\Desktop\ikontop10 28th October - 4th November 2011.pdf
    2011-11-06 11:06 - 2011-04-13 10:56 - 0000000 ____D C:\Users\Cody Brown\Documents\Random ****
    2011-11-05 16:32 - 2011-12-15 08:20 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-05 16:04 - 2011-11-05 16:04 - 0000000 ____D C:\Users\All Users\ATI
    2011-11-05 16:04 - 2011-11-05 16:04 - 0000000 ____D C:\ProgramData\ATI
    2011-11-05 16:03 - 2011-11-05 16:03 - 0000000 ____D C:\Program Files (x86)\AMD APP
    2011-11-05 16:03 - 2011-01-17 13:43 - 0000000 ____D C:\Program Files\ATI Technologies
    2011-11-05 15:26 - 2011-12-15 08:20 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-05 11:28 - 2011-11-05 11:28 - 0116373 ____A C:\Users\Cody Brown\Desktop\newburstsmsplan.pdf
    2011-11-05 11:22 - 2011-11-03 10:29 - 0016896 ____A C:\Users\Cody Brown\Desktop\Hawaii 2012.xls
    2011-11-04 13:38 - 2011-12-16 04:01 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-04 12:59 - 2011-12-16 04:01 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-04 12:53 - 2011-12-16 04:01 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-11-04 12:46 - 2011-12-16 04:01 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-04 12:44 - 2011-12-16 04:01 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-04 12:44 - 2011-12-16 04:01 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-04 12:43 - 2011-12-16 04:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-04 12:41 - 2011-12-16 04:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-04 12:39 - 2011-12-16 04:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-11-04 12:36 - 2011-12-16 04:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-04 12:35 - 2011-12-16 04:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-04 12:34 - 2011-12-16 04:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-04 12:30 - 2011-12-16 04:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-04 10:02 - 2011-12-16 04:01 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-04 09:47 - 2011-12-16 04:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-11-04 09:46 - 2011-12-16 04:01 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-04 09:40 - 2011-12-16 04:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-11-04 09:40 - 2011-12-16 04:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-04 09:39 - 2011-12-16 04:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-04 09:38 - 2011-12-16 04:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-04 09:37 - 2011-12-16 04:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-04 09:34 - 2011-12-16 04:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-11-04 09:32 - 2011-12-16 04:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-04 09:32 - 2011-12-16 04:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-04 09:31 - 2011-12-16 04:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-04 09:28 - 2011-12-16 04:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-11-02 11:13 - 2011-11-02 11:13 - 0083084 ____A C:\Users\Cody Brown\Desktop\Cody EFT.pdf
    2011-10-28 12:14 - 2011-10-28 12:14 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-10-28 12:07 - 2011-10-28 12:07 - 0000000 ____D C:\Windows\System32\Macromed
    2011-10-26 16:21 - 2011-12-15 08:20 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-19 22:14 - 2011-10-19 22:14 - 0059904 ____A C:\Windows\SysWOW64\OVDecode.dll
    2011-10-18 23:47 - 2011-10-12 20:43 - 0000000 ____D C:\Users\Cody Brown\AppData\Roaming\Ventrilo
    2011-10-18 23:45 - 2012-01-10 09:11 - 0000875 ____A C:\Users\Public\Desktop\Ventrilo.lnk
    2011-10-18 23:45 - 2011-10-18 23:45 - 0000268 ____A C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2011-10-18 23:45 - 2011-10-18 23:45 - 0000000 ____D C:\Program Files (x86)\Ventrilo
    2011-10-17 10:20 - 2011-10-17 10:20 - 0001697 ____A C:\Users\Cody Brown\Desktop\invoice.pdf
    2011-10-16 13:12 - 2011-10-16 13:12 - 0000000 ____D C:\Users\Cody Brown\Desktop\BabyGrandSurrender
    2011-10-15 22:07 - 2011-10-15 22:07 - 0004121 ____A C:\Users\Cody Brown\Desktop\russellbrunson.txt
    2011-10-15 17:31 - 2011-12-15 08:20 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 16:38 - 2011-12-15 08:20 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-14 13:33 - 2011-10-14 13:33 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{8F05615C-E0A0-441F-9E6F-09FE4F63228B}
    2011-10-14 13:33 - 2011-10-14 13:33 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{684458D1-5A12-4F9E-BF4B-F9AB7D95357F}
    2011-10-13 12:43 - 2011-10-13 12:43 - 0107756 ____A C:\Users\Cody Brown\Desktop\Burst_SMS_Longcode_Rate_Card.pdf
    2011-10-13 11:30 - 2011-10-13 11:30 - 0033792 ____A C:\Users\Cody Brown\Desktop\API_sign_up.xls
    2011-10-13 08:52 - 2011-10-13 08:52 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{CF14285E-9494-4248-B652-C9334B9036E4}
    2011-10-13 08:12 - 2011-10-13 08:12 - 0000000 ____D C:\Users\Cody Brown\AppData\Local\{BC63D572-3110-41B6-8184-CCC1A43524E4}
    2011-10-13 07:56 - 2011-10-13 07:56 - 10207232 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2011-10-13 07:20 - 2011-10-13 07:20 - 24629760 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2011-10-13 07:15 - 2011-10-13 07:15 - 0198664 ____A C:\Windows\System32\atiapfxx.blb
    2011-10-13 07:14 - 2011-10-13 07:14 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2011-10-13 07:14 - 2011-01-05 14:02 - 0736768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2011-10-13 07:13 - 2011-01-05 14:01 - 0867328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2011-10-13 07:10 - 2011-10-13 07:10 - 0487936 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2011-10-13 07:10 - 2011-04-20 13:05 - 0466944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2011-10-13 07:09 - 2011-10-13 07:09 - 0204288 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2011-10-13 07:08 - 2011-10-13 07:08 - 0356352 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\atipdlxx.dll
    2011-10-13 07:08 - 2011-10-13 07:08 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2011-10-13 07:08 - 2011-04-20 13:02 - 0423424 ____A (ATI Technologies, Inc.) C:\Windows\System32\atipdl64.dll
    2011-10-13 07:07 - 2011-10-13 07:07 - 0278528 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\Oemdspif.dll
    2011-10-13 07:07 - 2011-10-13 07:07 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2011-10-13 07:07 - 2011-10-13 07:07 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2011-10-13 07:07 - 2011-10-13 07:07 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2011-10-13 07:04 - 2011-10-13 07:04 - 4231680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2011-10-13 07:04 - 2011-10-13 07:04 - 18630656 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2011-10-13 06:54 - 2011-01-05 13:43 - 4960768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2011-10-13 06:46 - 2011-10-13 06:46 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2011-10-13 06:46 - 2011-10-13 06:46 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2011-10-13 06:46 - 2011-10-13 06:46 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2011-10-13 06:46 - 2011-10-13 06:46 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2011-10-13 06:45 - 2011-10-13 06:45 - 9877504 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2011-10-13 06:44 - 2011-10-13 06:44 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2011-10-13 06:44 - 2011-10-13 06:44 - 1113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2011-10-13 06:44 - 2011-04-20 12:40 - 4023296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2011-10-13 06:44 - 2011-01-05 13:33 - 4289024 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2011-10-13 06:42 - 2011-10-13 06:42 - 8391680 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2011-10-13 06:39 - 2011-10-13 06:39 - 1847904 ____A C:\Windows\System32\atiumd6a.cap
    2011-10-13 06:39 - 2010-11-26 13:24 - 0058880 ____A (AMD) C:\Windows\System32\coinst.dll
    2011-10-13 06:38 - 2011-04-20 12:31 - 5431808 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2011-10-13 06:33 - 2011-10-13 06:33 - 4174848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2011-10-13 06:32 - 2011-10-13 06:32 - 1849344 ____A C:\Windows\SysWOW64\atiumdva.cap
    2011-10-13 06:31 - 2011-10-13 06:31 - 0335872 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2011-10-13 06:31 - 2011-10-13 06:31 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2011-10-13 06:31 - 2011-10-13 06:31 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2011-10-13 06:31 - 2011-10-13 06:31 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2011-10-13 06:31 - 2011-04-20 12:23 - 0479744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2011-10-13 06:30 - 2011-10-13 06:30 - 0317952 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2011-10-13 06:30 - 2011-10-13 06:30 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2011-10-13 06:30 - 2011-10-13 06:30 - 0032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2011-10-13 06:29 - 2011-04-20 12:21 - 0031744 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2011-10-13 06:29 - 2011-01-05 13:18 - 0040960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2011-10-13 06:29 - 2011-01-05 13:18 - 0038912 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2011-10-13 06:29 - 2011-01-05 13:18 - 0029184 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2011-10-13 06:28 - 2011-10-13 06:28 - 0053248 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2011-10-13 06:16 - 2011-10-13 06:16 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2011-10-13 06:16 - 2011-10-13 06:16 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2011-10-13 06:16 - 2011-10-13 06:16 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2011-10-13 06:16 - 2011-10-13 06:16 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2011-10-13 04:26 - 2009-11-27 04:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-13 01:42 - 2011-10-12 20:32 - 0000000 ____D C:\Program Files\VentriloMIX
    2011-10-13 00:29 - 2011-10-13 00:29 - 0003255 ____A C:\Users\Cody Brown\Downloads\Download(2).qif
    2011-10-13 00:27 - 2011-10-13 00:27 - 0007286 ____A C:\Users\Cody Brown\Downloads\Download.qif

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 26%
    Total physical RAM: 4087.42 MB
    Available physical RAM: 3004.06 MB
    Total Pagefile: 8173.04 MB
    Available Pagefile: 7236.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:170.18 GB) NTFS
    2 Drive d: (Data) (Fixed) (Total:458.87 GB) (Free:458.77 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 13 GB 1024 KB
    Partition 2 Primary 100 MB 13 GB
    Partition 3 Primary 458 GB 13 GB
    Partition 4 Primary 458 GB 472 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 PQSERVICE NTFS Partition 13 GB Healthy Hidden

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partition 458 GB Healthy Boot

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D Data NTFS Partition 458 GB Healthy

    ==========================================================

    Last Boot: 2011-12-31 01:28

    ======================= End Of Log ==========================
     
  14. codyb

    codyb TS Rookie Topic Starter Posts: 25

    should i be running all of this still in safe mode or normal mode ?

    because i am still currently in safe mode!

    also i think i am getting some redirect problems which i didn't actually notice before :(

    thanks,
    cody
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Restart in normal mode and see how computer is doing there.

    Then....

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  16. codyb

    codyb TS Rookie Topic Starter Posts: 25

    When i restarted into normal mode a lot seemed to be better but i did get one mcafee pop up saying it couldn't clean a file.

    I then ran the tdss tool and restarted and the scan results are as follows:

    ***Infected MBR detected



    should i click repair or close ?

    thanks,
    cody
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Click repair.

    After restart post new Bootkit Remover log.
     
  18. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`71500000

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You sure you clicked on repair MBR?
     
  20. codyb

    codyb TS Rookie Topic Starter Posts: 25

    Yer I did and it actually said repair succeeded and then i clicked close as it looked although it had all been completed.

    should i run the tdss again ?

    thanks,
    cody
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Not for now.
    See if you can run aswMBR now.
     
  22. codyb

    codyb TS Rookie Topic Starter Posts: 25

    I ran the tdss tool before I got your reply sorry :(

    Good news though is that the tdss tool came up with no infections this time! and also I am able to open and run the aswmbr tool this time :)

    Here is the log:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-10 12:12:22
    -----------------------------
    12:12:22.511 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:12:22.511 Number of processors: 4 586 0x1E05
    12:12:22.511 ComputerName: CODY-BROWN UserName: Cody Brown
    12:13:56.033 Initialize success
    12:16:31.206 AVAST engine defs: 12010901
    12:16:37.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:16:37.421 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    12:16:37.437 Disk 0 MBR read successfully
    12:16:37.453 Disk 0 MBR scan
    12:16:37.453 Disk 0 Windows 7 default MBR code
    12:16:37.453 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
    12:16:37.468 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
    12:16:37.484 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 469884 MB offset 28878848
    12:16:37.499 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 469883 MB offset 991201280
    12:16:37.499 Service scanning
    12:16:46.004 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    12:16:48.500 Modules scanning
    12:16:48.500 Disk 0 trace - called modules:
    12:16:49.015 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
    12:16:49.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047ed060]
    12:16:49.030 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004547050]
    12:16:50.528 AVAST engine scan C:\Windows
    12:16:59.357 AVAST engine scan C:\Windows\system32
    12:19:35.364 AVAST engine scan C:\Windows\system32\drivers
    12:19:47.865 AVAST engine scan C:\Users\Cody Brown
    12:28:15.040 Disk 0 MBR has been saved successfully to "C:\Users\Cody Brown\Desktop\MBR.dat"
    12:28:15.109 The log file has been saved successfully to "C:\Users\Cody Brown\Desktop\aswMBR.txt"


    ******* I think i may have posted it before it got to completely finish because it looked like it had stopped for like 8 minutes :(
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It looks fine.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  24. codyb

    codyb TS Rookie Topic Starter Posts: 25

    ComboFix 12-01-09.06 - Cody Brown 10/01/2012 12:44:51.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4087.2673 [GMT 11:00]
    Running from: c:\users\Cody Brown\Downloads\ComboFix.exe
    AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\Acer GameZone online.ico
    c:\users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Cody Brown\AppData\Roaming\mIRC\logs\status.log
    c:\users\Cody Brown\Desktop\System Check.lnk
    c:\users\Cody Brown\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-10 01:54 . 2012-01-10 01:54 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
    2012-01-10 01:54 . 2012-01-10 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-10 00:06 . 2012-01-10 01:11 50688 ----a-w- c:\windows\SysWow64\dtsoftbusinst64.exe
    2012-01-10 00:06 . 2012-01-10 01:11 256576 ----a-w- c:\windows\SysWow64\dtsoftbus01.sys
    2012-01-09 16:20 . 2012-01-09 23:47 -------- d-----w- C:\FRST
    2012-01-09 16:03 . 2012-01-09 16:03 -------- d-----w- c:\users\Cody Brown\AppData\Roaming\Malwarebytes
    2012-01-09 16:03 . 2012-01-09 16:03 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-09 16:03 . 2012-01-09 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-09 02:45 . 2012-01-09 02:46 -------- d-----w- c:\users\Cody Brown\.freemind
    2012-01-09 02:44 . 2012-01-09 02:44 -------- d-----w- c:\program files (x86)\FreeMind
    2012-01-05 15:14 . 2012-01-05 15:14 -------- d-----w- c:\program files (x86)\Market Samurai
    2012-01-03 04:46 . 2011-12-21 07:24 121816 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-01-03 04:46 . 2011-12-21 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-03 04:46 . 2011-12-21 07:24 97240 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2012-01-03 04:46 . 2011-12-21 07:24 814040 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2012-01-03 04:46 . 2011-12-21 07:24 486360 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2012-01-03 04:46 . 2011-12-21 07:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-03 04:46 . 2011-12-21 07:24 2124760 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2012-01-03 04:46 . 2011-12-21 07:24 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2012-01-03 04:46 . 2011-12-21 04:30 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2012-01-03 04:46 . 2011-12-21 04:30 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
    2012-01-03 04:46 . 2011-12-21 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-03 04:46 . 2011-12-21 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-03 04:39 . 2012-01-03 04:39 -------- d-----w- c:\users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
    2012-01-03 04:39 . 2012-01-03 04:39 -------- d-----w- c:\program files (x86)\KeywordBlaze
    2011-12-16 00:16 . 2011-12-16 00:16 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
    2011-12-14 21:20 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 21:20 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 21:20 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 21:20 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-14 21:20 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 21:20 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 01:14 . 2011-10-28 01:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-19 11:14 . 2011-10-19 11:14 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
    2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-10-12 20:14 . 2011-01-05 03:02 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-10-12 20:13 . 2011-01-05 03:01 867328 ----a-w- c:\windows\system32\aticfx64.dll
    2011-10-12 20:10 . 2011-04-20 02:05 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
    2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-10-12 20:08 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-10-12 20:04 . 2011-10-12 20:04 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-10-12 19:54 . 2011-01-05 02:43 4960768 ----a-w- c:\windows\system32\atidxx64.dll
    2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-10-12 19:44 . 2011-01-05 02:33 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-10-12 19:44 . 2011-04-20 01:40 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-10-12 19:39 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-10-12 19:38 . 2011-04-20 01:31 5431808 ----a-w- c:\windows\system32\atiumd64.dll
    2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-10-12 19:31 . 2011-04-20 01:23 479744 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-10-12 19:29 . 2011-01-05 02:18 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-10-12 19:29 . 2011-04-20 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-10-12 19:29 . 2011-01-05 02:18 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-10-12 19:29 . 2011-01-05 02:18 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-10-12 05:16 . 2011-10-12 05:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
    2011-10-12 05:16 . 2011-10-12 05:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
    2011-10-12 05:14 . 2011-10-12 05:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-12-14 04:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-26 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
    "MyWirelessCard"="c:\program files (x86)\Crazy John's\Crazy John's Broadband\WirelessCard.exe" [2010-03-10 2093056]
    "MyDetectWireless"="c:\program files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe" [2010-02-09 61440]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
    "Akamai NetSession Interface"="c:\users\Cody Brown\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-11-12 469536]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-08-25 476480]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
    "DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
    .
    c:\users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
    Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2010-6-27 496896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    R3 ATICDSDr;ATICDSDr;c:\users\CODYBR~1\AppData\Local\Temp\ATICDSDr.sys [x]
    R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
    R3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2008-01-23 113664]
    R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 135664]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-05-12 324928]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 RumorServer;McAfee Peer Distribution Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-08-25 291064]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
    S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2008-06-26 167936]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 07:38]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 07:38]
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000Core.job
    - c:\users\Cody Brown\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 07:38]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000UA.job
    - c:\users\Cody Brown\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 07:38]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cody Brown\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-02 8098848]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 0.0.0.0:80
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}\34F6D6075747562737: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-MVS - c:\progra~2\McAfee\MANAGE~1\Agent\myinx
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\McAfee\VSCORE]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Acer Display\eDisplay Management\DTHtml.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
    c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-10 13:03:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-10 02:03
    .
    Pre-Run: 183,115,632,640 bytes free
    Post-Run: 185,112,223,744 bytes free
    .
    - - End Of File - - CD607AC8BA3EDA32E503B915F55ADBC7
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    How is computer doing?

    Uninstall Ask Toolbar and Ask Toolbar Updater, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...