TechSpot

Services.exe infected/trojan

By deano30
Aug 5, 2012
  1. I ran MBAM as per posting instructions and rebooted after removal.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.04.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    deano :: DEANO-HP [administrator]

    5/08/2012 1:38:59 PM
    mbam-log-2012-08-05 (13-41-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213016
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-05 14:26:44
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885fb7858
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885fb7858 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\st[2] 4506 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by deano at 14:28:18 on 2012-08-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8089.6082 [GMT 8:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\SysWOW64\ctfmon.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:56990
    uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: HP SimplePass Browser Helper Object: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    TB: HP SimplePass Toolbar: {c98ee38d-21e4-4a50-907d-2b56fec7013e} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [AdobeBridge]
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [install.exe] C:\Users\deano\AppData\Local\Temp\install.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: bendigobank.com.au\www
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{588A3F7D-D4BD-4E99-881D-3B16D9F61CD6} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{62F1A5E9-4B3B-44BB-9221-B24DA491008A} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{798B02D3-8942-4826-B841-4056C041C611} : DhcpNameServer = 10.143.147.147 10.143.147.148
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO-X64: AskBar BHO - No File
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
    BHO-X64: TSBHO Class - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    TB-X64: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [(Default)]
    mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun-x64: [install.exe] C:\Users\deano\AppData\Local\Temp\install.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\deano\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys --> C:\Windows\system32\drivers\iusb3hcs.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-5 44808]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-14 249648]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-20 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-20 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-20 161560]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-7-10 66560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-20 2458944]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-7-8 386344]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-7-9 6583160]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-7-9 528760]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-20 363800]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SmbDrv;SmbDrv;C:\Windows\system32\DRIVERS\Smb_driver.sys --> C:\Windows\system32\DRIVERS\Smb_driver.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-9-16 195320]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
    S3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-20 276248]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-19 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-19 8456]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-5 113120]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-05 05:37:54 -------- d-----w- C:\Users\deano\AppData\Roaming\Malwarebytes
    2012-08-05 05:37:41 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-05 05:37:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-05 05:37:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 04:40:17 -------- d-----w- C:\ProgramData\Blio
    2012-08-05 04:39:59 -------- d-----w- C:\Users\deano\AppData\Roaming\Blio
    2012-08-05 03:41:22 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-05 03:41:18 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-05 03:41:13 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-05 03:40:58 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-05 03:40:50 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-05 03:40:50 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-05 02:46:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-08-05 02:06:53 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-08-05 02:06:12 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-08-05 02:06:12 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-04 03:22:57 -------- d-----w- C:\Program Files\Easypano
    2012-08-04 02:30:59 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
    2012-08-04 02:30:59 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2012-08-04 02:30:59 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2012-08-04 02:30:41 -------- d-----w- C:\Program Files (x86)\Easypano
    2012-08-03 06:14:42 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AE9436-F37F-4960-8E19-9D39420BB35C}\mpengine.dll
    2012-07-31 01:30:49 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
    2012-07-31 01:30:49 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2012-07-31 01:30:49 -------- d-----w- C:\Program Files (x86)\Application Updater
    2012-07-30 10:39:56 -------- d-----w- C:\Users\deano\AppData\Local\Kolor
    2012-07-30 10:38:35 -------- d-----w- C:\Program Files\Kolor
    2012-07-30 02:26:15 -------- d-----w- C:\ProgramData\YTD Video Downloader
    2012-07-28 19:05:23 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-07-28 01:58:39 -------- d-----w- C:\Windows\WICCodecs
    2012-07-24 02:37:48 -------- d-----w- C:\ProgramData\RedGiant
    2012-07-24 02:24:23 -------- d-----w- C:\PSCS5PLUGINPATH64BIT
    2012-07-23 01:22:48 -------- d-----w- C:\Program Files\indii.org
    2012-07-21 04:01:25 -------- d-----w- C:\Program Files (x86)\GeniuXPhotoEFX3
    2012-07-19 04:41:55 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
    2012-07-19 04:41:55 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
    2012-07-19 04:41:55 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
    2012-07-19 04:41:55 3316736 ----a-w- C:\Windows\System32\BootMan.exe
    2012-07-19 04:41:55 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe
    2012-07-19 04:41:55 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
    2012-07-19 04:41:55 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
    2012-07-19 04:41:55 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
    2012-07-19 04:41:55 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
    2012-07-19 04:41:55 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
    2012-07-19 04:41:51 -------- d-----w- C:\Program Files (x86)\EaseUS
    2012-07-19 01:41:17 -------- d-----w- C:\Program Files (x86)\Disk Heal
    2012-07-16 07:32:30 -------- d-----w- C:\Users\deano\AppData\Roaming\HandBrake
    2012-07-16 07:21:41 -------- d-----w- C:\Program Files\Handbrake
    2012-07-16 07:02:10 -------- d-----w- C:\Program Files\MediaInfo
    2012-07-16 06:27:30 -------- d-----w- C:\Users\deano\AppData\Roaming\PictureCode
    2012-07-15 03:48:49 -------- d-----w- C:\Users\deano\AppData\Roaming\FastStone
    2012-07-11 23:43:03 -------- d-----w- C:\Users\deano\AppData\Roaming\Boilsoft
    2012-07-11 23:43:02 -------- d-----w- C:\Program Files (x86)\Boilsoft Video Converter
    2012-07-11 19:04:34 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 18:18:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 18:18:04 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2012-07-11 18:18:04 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 18:18:04 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 18:18:04 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 18:18:04 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-11 07:07:32 696832 ----a-w- C:\Windows\System32\xvidcore.dll
    2012-07-11 07:07:32 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2012-07-11 07:07:32 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2012-07-11 07:07:32 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-07-11 07:07:32 173568 ----a-w- C:\Windows\System32\xvid.ax
    2012-07-11 07:07:32 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
    2012-07-11 07:07:32 -------- d-----w- C:\Program Files (x86)\Xvid
    2012-07-11 07:05:38 -------- d-----w- C:\Program Files\DivX
    2012-07-11 07:05:33 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2012-07-11 07:03:29 -------- d-----w- C:\Program Files (x86)\DivX
    2012-07-11 07:02:02 -------- d-----w- C:\ProgramData\DivX
    2012-07-11 06:26:51 -------- d-----w- C:\Users\deano\AppData\Roaming\Jasc
    2012-07-11 06:21:41 -------- d-----w- C:\Program Files (x86)\Jasc Software Inc
    2012-07-11 01:43:08 -------- d-----w- C:\Users\deano\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-07-11 01:03:55 28672 ----a-w- C:\Windows\SysWow64\AVEQT.dll
    2012-07-11 01:03:55 129024 ----a-w- C:\Windows\SysWow64\AVERM.dll
    2012-07-11 00:57:45 421888 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax
    2012-07-11 00:57:45 376832 ----a-w- C:\Windows\SysWow64\MpegSplitter.ax
    2012-07-11 00:57:43 -------- d-----w- C:\Program Files (x86)\Allok Video Splitter
    2012-07-10 07:03:57 -------- d-----w- C:\Users\deano\AppData\Local\HP
    2012-07-10 05:26:02 -------- d-----w- C:\Users\deano\AppData\Roaming\AKVIS LLC
    2012-07-10 04:57:32 -------- d-----w- C:\ProgramData\Digital Film Tools
    2012-07-10 04:57:31 -------- d-----w- C:\Program Files\Digital Film Tools
    2012-07-10 02:33:34 -------- d-----w- C:\Program Files\Pano2VR
    2012-07-10 02:11:46 -------- d-----w- C:\Users\deano\AppData\Roaming\GardenGnomeSoftware
    2012-07-10 00:12:46 -------- d-----w- C:\Program Files\onOne Software
    2012-07-09 23:11:44 -------- d-----w- C:\Users\deano\AppData\Roaming\Digital Film Tools
    2012-07-09 21:50:21 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2012-07-09 21:50:21 66560 ----a-w- C:\Windows\System32\nlssrv32.exe
    2012-07-09 21:24:48 -------- d-----w- C:\Users\deano\OnOne Perfect Resize 7.0.6 Pro + Keygen{H33T}{Easypath}
    2012-07-09 09:05:35 -------- d-----w- C:\ProgramData\CanonIJ
    2012-07-09 04:43:49 -------- d-----w- C:\Users\deano\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-07-09 04:36:38 -------- d-----w- C:\Users\deano\AppData\Roaming\Wacom
    2012-07-09 04:36:32 -------- d-----w- C:\ProgramData\Wacom
    2012-07-09 04:36:02 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
    2012-07-09 04:31:29 -------- d-----w- C:\Users\deano\AppData\Roaming\WTablet
    2012-07-09 04:31:28 1326456 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
    2012-07-09 04:31:28 1107832 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    2012-07-09 04:31:23 -------- d-----w- C:\Program Files (x86)\TabletPlugins
    2012-07-09 04:31:07 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
    2012-07-09 04:31:01 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
    2012-07-09 04:30:59 1401208 ----a-w- C:\Windows\System32\Wintab32.dll
    2012-07-09 04:30:59 1392504 ----a-w- C:\Windows\System32\WacomMT.dll
    2012-07-09 04:30:59 1156472 ----a-w- C:\Windows\SysWow64\Wintab32.dll
    2012-07-09 04:30:59 1152888 ----a-w- C:\Windows\SysWow64\WacomMT.dll
    2012-07-09 04:30:58 1665400 ----a-w- C:\Windows\System32\Pen_Tablet.dll
    2012-07-09 04:30:58 1369464 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
    2012-07-09 04:30:55 -------- d-----w- C:\Program Files\Tablet
    2012-07-09 04:27:30 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
    2012-07-09 04:26:51 -------- d-----w- C:\ProgramData\CanonIJPLM
    2012-07-09 04:26:12 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
    2012-07-09 04:26:06 323584 ----a-w- C:\Windows\SysWow64\CNC_ATL.dll
    2012-07-09 04:26:06 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
    2012-07-09 04:26:06 114688 ----a-w- C:\Windows\SysWow64\CNC_ATU.dll
    2012-07-09 04:25:35 -------- d-----w- C:\ProgramData\CanonIJWSpt
    2012-07-09 04:25:35 -------- d-----w- C:\Program Files\Common Files\CANON
    2012-07-09 04:24:44 -------- d-----w- C:\Program Files\Canon
    2012-07-09 04:24:31 98816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAT.DLL
    2012-07-09 04:24:31 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAT.DLL
    2012-07-09 04:24:07 385536 ----a-w- C:\Windows\System32\CNMLMAT.DLL
    2012-07-09 04:23:59 256000 ----a-w- C:\Windows\System32\CNMIUAT.DLL
    2012-07-09 04:23:34 38400 ----a-w- C:\Windows\System32\CNMN6UI.DLL
    2012-07-09 04:23:34 355840 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
    2012-07-09 04:23:34 -------- d-----w- C:\Windows\System32\STRING
    2012-07-09 04:15:19 -------- d-----w- C:\Program Files (x86)\Canon
    2012-07-09 02:54:14 -------- d-----w- C:\Program Files\CCleaner
    2012-07-08 12:48:17 -------- d-----w- C:\ProgramData\SmartSound Software Inc
    2012-07-08 12:48:16 -------- d-----w- C:\ProgramData\eSellerate
    2012-07-08 12:48:16 -------- d-----w- C:\Program Files (x86)\SmartSound Software
    2012-07-08 10:28:10 -------- d-----w- C:\ProgramData\YouTube Downloader
    2012-07-08 10:26:33 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
    2012-07-08 10:22:57 -------- dc-h--w- C:\ProgramData\{654BBB15-6EFB-44E9-9E8B-F75DAF1B3B4C}
    2012-07-08 10:22:12 -------- d-----w- C:\Users\deano\AppData\Local\PackageAware
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-08 06:30:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-08 01:40:08 -------- d-----w- C:\ProgramData\Image Trends Inc
    2012-07-08 01:38:48 -------- d-----w- C:\AuthLog
    2012-07-08 01:38:33 -------- d-----w- C:\Program Files (x86)\Image Trends Inc
    2012-07-07 07:00:42 -------- d-----w- C:\Program Files (x86)\AKVIS
    2012-07-07 06:06:52 4608 ----a-w- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
    2012-07-07 06:03:06 -------- d-----w- C:\Users\deano\AppData\Roaming\ThePluginSite
    2012-07-07 05:37:47 -------- d-----w- C:\Users\deano\AppData\Roaming\Auto FX Software
    2012-07-07 05:37:17 90112 ----a-w- C:\Windows\unvise32.exe
    2012-07-07 04:57:18 -------- d-----w- C:\Users\deano\AppData\Local\Alien Skin
    2012-07-07 04:43:50 -------- d-----w- C:\Program Files\Imagenomic
    2012-07-07 03:07:58 -------- d-----w- C:\Program Files (x86)\FastStone Capture
    2012-07-07 01:02:36 21264 ----a-w- C:\Windows\System32\drivers\Smb_driver.sys
    2012-07-07 01:01:26 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
    2012-07-07 01:01:26 4747328 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
    2012-07-07 01:01:25 3617792 ----a-w- C:\Windows\System32\bcmihvui64.dll
    2012-07-07 01:01:22 3952640 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
    2012-07-06 21:31:57 -------- d-----w- C:\Users\deano\AppData\Roaming\ts3overlay
    2012-07-06 21:30:13 -------- d-----w- C:\Users\deano\AppData\Roaming\TS3Client
    .
    ==================== Find3M ====================
    .
    2012-07-28 23:33:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 23:33:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-07 06:32:36 4608 ----a-w- C:\Windows\System32\Viveza2FC64.dll
    2012-07-06 23:54:59 3072 ----a-w- C:\Windows\System32\Viveza2FC32.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-21 08:47:06 264064 ----a-w- C:\Coloriage.8bf
    .
    ============= FINISH: 14:28:41.66 ===============

    .
     
  2. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Attach.txt
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/07/2012 6:16:32 PM
    System Uptime: 5/08/2012 1:43:19 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 181B
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | U3E1 | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 575 GiB total, 392.417 GiB free.
    D: is FIXED (NTFS) - 21 GiB total, 2.298 GiB free.
    E: is CDROM ()
    G: is FIXED (FAT32) - 298 GiB total, 155.416 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: WD SES Device USB Device
    Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_2011\57584B314335303034373039&1
    Manufacturer:
    Name: WD SES Device USB Device
    PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_2011\57584B314335303034373039&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP49: 3/08/2012 1:42:41 PM - Scheduled Checkpoint
    RP50: 3/08/2012 2:14:26 PM - Windows Update
    RP51: 5/08/2012 10:05:34 AM - Installed Java(TM) 7 Update 5
    RP52: 5/08/2012 10:06:16 AM - Installed JavaFX 2.1.1
    RP53: 5/08/2012 11:40:39 AM - avast! Free Antivirus Setup
    RP54: 5/08/2012 12:42:19 PM - Removed Blio.
    .
    ==== Installed Programs ======================
    .
    ACDSee Pro 5
    Adobe AIR
    Adobe Extension Manager CS6
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Media Player
    Adobe Photoshop CS6
    Adobe Reader X (10.1.3) MUI
    Adobe Shockwave Player 11.6
    AI RoboForm (All Users)
    AKVIS Chameleon
    AKVIS Coloriage
    AKVIS Lightshop
    Allok Video Splitter 3.1.1117
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    µTorrent
    avast! Free Antivirus
    Bamboo Dock
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Boilsoft Video Converter 3.01
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 5.0
    Canon My Printer
    Chuzzle Deluxe
    Color Efex Pro 4
    Cradle of Rome 2
    CuteFTP 8 Professional
    CyberLink PowerDirector
    CyberLink WaveEditor
    CyberLink YouCam
    D3DX10
    Disk Heal
    DivX Setup
    Dora's World Adventure
    DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked
    EaseUS Partition Master 9.1.1 Home Edition
    Effects Suite 32-bit
    Effects Suite 64-bit
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.5.2
    Farm Frenzy
    Farmscapes
    FastPictureViewer Codec Pack 3.3.0.66
    FastStone Capture 5.3
    FATE
    Final Drive Fury
    HandBrake 0.9.7
    HDR Efex Pro
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hoyle Card Games
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Recovery Manager
    HP Setup
    HP Setup Manager
    HP SimplePass
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Image Trends' Fisheye-Hemi Plug-In 1.2.5
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Jasc Animation Shop 3
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Knoll Light Factory Photo 64 bit
    Letters from Nowhere 2
    Light v3.5 for Adobe Photoshop
    Luxor HD
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 14.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    Mystical
    Mystical 2.0
    opensource
    Pano2VR - Garden Gnome Software
    PDF Settings CS6
    Penguins!
    Perfect Photo Suite 6
    Perfect Resize 7
    PhoenixRC
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power Retouche Retouching Suite
    PTGui Pro 9.0
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RollerCoaster Tycoon 3: Platinum
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    SmartSound Quicktracks 5
    swMSM
    The Treasures of Mystery Island: The Ghost Ship
    Tintii
    Torchlight
    Uninstall Mystical
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    uTorrentControl2 Toolbar
    VC80CRTRedist - 8.0.50727.6195
    Virtual Villagers 4 - The Tree of Life
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.5
    WinZip Driver Updater
    Xvid Video Codec
    YTD Toolbar v6.2
    YTD Video Downloader 3.9
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/08/2012 1:47:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    5/08/2012 1:47:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    5/08/2012 1:44:14 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    5/08/2012 1:44:12 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    5/08/2012 1:44:06 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    29/07/2012 9:58:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    29/07/2012 9:58:57 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/08/2012 12:37:40 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/08/2012 7:42:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    1/08/2012 4:43:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
    1/08/2012 3:52:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    .
    ==== End Of File ===========================
     
  3. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Rogue Killer report, it appears I am infected with zero access:
    RogueKiller V7.6.5 [08/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: deano [Admin rights]
    Mode: Scan -- Date: 08/05/2012 14:47:07

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] HKLM\[...]\Wow6432Node\Run : install.exe (C:\Users\deano\AppData\Local\Temp\install.exe) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:56990) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
    [Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
    [ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 www.autofx.com
    127.0.0.1 acdid.acdsystems.com
    127.0.0.1 hxxp://www.ptgui.com/
    127.0.0.1 activate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
    --- User ---
    [MBR] 39b21594f3c190f1af88ce5058a791ef
    [BSP] 3655c9bc1b36cb167cb2636da1a6e716 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 588319 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1205286912 | Size: 21857 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD My Passport 071A USB Device +++++
    --- User ---
    [MBR] 5df48be8ff553f7800315e75c5916530
    [BSP] 467f3f0b4158df393634103c3536909e : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 305211 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    aswMBR log:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-05 15:23:46
    -----------------------------
    15:23:46.034 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:23:46.034 Number of processors: 4 586 0x2A07
    15:23:46.034 ComputerName: DEANO-HP UserName: deano
    15:23:47.812 Initialize success
    15:23:47.875 AVAST engine defs: 12080500
    15:24:08.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:24:08.993 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 8
    15:24:09.024 Disk 0 MBR read successfully
    15:24:09.040 Disk 0 MBR scan
    15:24:09.040 Disk 0 Windows 7 default MBR code
    15:24:09.040 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    15:24:09.040 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 588319 MB offset 409600
    15:24:09.071 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21857 MB offset 1205286912
    15:24:09.102 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
    15:24:09.133 Disk 0 scanning C:\Windows\system32\drivers
    15:24:20.740 Service scanning
    15:24:46.246 Modules scanning
    15:24:46.246 Disk 0 trace - called modules:
    15:24:46.761 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    15:24:46.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083f7790]
    15:24:46.776 3 CLASSPNP.SYS[fffff88001d6e43f] -> nt!IofCallDriver -> [0xfffffa8008334b10]
    15:24:46.776 5 hpdskflt.sys[fffff88001d15189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083f6050]
    15:24:48.445 AVAST engine scan C:\Windows
    15:24:50.692 AVAST engine scan C:\Windows\system32
    15:25:39.257 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
    15:26:00.676 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    15:26:02.080 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    15:26:36.524 AVAST engine scan C:\Windows\system32\drivers
    15:26:47.694 AVAST engine scan C:\Users\deano
    15:30:10.617 Disk 0 MBR has been saved successfully to "C:\Users\deano\Downloads\spyware\MBR.dat"
    15:30:10.617 The log file has been saved successfully to "C:\Users\deano\Downloads\spyware\aswMBR.txt"
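As an added example (not part of the original posts and not RogueKiller's own code), the Python below parses the registry and file sections of the RogueKiller report above into structured findings and groups them for triage. The sample text is copied from that report; the function names, field names and grouping keys are assumptions made for this example.

```python
import re
from collections import namedtuple

# Lines copied from the RogueKiller report in the post above (HOSTS and MBR sections left out).
REPORT = r"""
¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : install.exe (C:\Users\deano\AppData\Local\Temp\install.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:56990) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# Field names are this example's own, not RogueKiller terminology.
Finding = namedtuple("Finding", "section tags location name data status")

HEADER = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+-{1,2}>\s+(.+)$")
REG_VALUE = re.compile(r"^(.*?)\s*\((.*)\)$")
# Both values live under the UAC policy key; 0 switches UAC off / elevates silently.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


def parse_report(text):
    """Return (headers, findings) parsed from RogueKiller scan-report text."""
    headers, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # e.g. "Registry Entries: 6" or "Infection : ZeroAccess"
            name, _, value = m.group(1).partition(":")
            section = name.strip()
            headers[section] = value.strip()
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue
        tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
        left, _, right = m.group(2).partition(" : ")
        status = m.group(3).strip()
        reg = REG_VALUE.match(right) if section == "Registry Entries" else None
        if reg:  # "<key> : <value name> (<data>)"
            findings.append(Finding(section, tags, left, reg.group(1), reg.group(2), status))
        else:    # "<item name> : <path>"
            findings.append(Finding(section, tags, right, left, "", status))
    return headers, findings


def triage(headers, findings):
    """Group findings into the questions a responder asks first."""
    out = {"verdict": headers.get("Infection", ""), "cannot_fix": [],
           "uac_weakened": [], "temp_autostart": [], "loopback_proxy": []}
    reg = [f for f in findings if f.section == "Registry Entries"]
    declared = headers.get("Registry Entries", "")
    # A header count that disagrees with the parsed rows means a truncated paste.
    out["count_mismatch"] = declared.isdigit() and int(declared) != len(reg)
    for f in findings:
        if f.status == "CANNOT FIX" and f.location not in out["cannot_fix"]:
            out["cannot_fix"].append(f.location)
    for f in reg:
        if f.name in UAC_VALUES and f.data == "0":
            out["uac_weakened"].append(f.name)
        elif f.location.lower().endswith("\\run") and "\\temp\\" in f.data.lower():
            out["temp_autostart"].append(f.data)
        elif f.name == "ProxyServer" and "127.0.0.1" in f.data:
            out["loopback_proxy"].append(f.data)
    return out


if __name__ == "__main__":
    headers, findings = parse_report(REPORT)
    for key, value in triage(headers, findings).items():
        print(f"{key}: {value}")
```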
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  5. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Thank you for the prompt response! pt 1:

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 05-08-2012 17:08:27
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-01-29] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-01-29] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-01-29] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-04-07] (CANON INC.)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291096 2011-12-05] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2011-01-15] (CANON INC.)
    HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-04] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-26] (Spigot, Inc.)
    HKLM-x32\...\Run: [install.exe] C:\Users\deano\AppData\Local\Temp\install.exe [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKU\deano\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2012-07-05] (Siber Systems)
    HKU\deano\...\Run: [AdobeBridge] [x]
    HKU\deano\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Lsa: [Notification Packages] scecli
    C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Services (Whitelisted) ======

    2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [794560 2012-07-26] (Spigot, Inc.)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 FPLService; "C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe" [260424 2011-12-11] (HP)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-06] ()
    2 Intel(R) Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [607456 2011-12-08] (Intel(R) Corporation)
    2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-10-24] (Nalpeiron Ltd.)
    2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
    3 TrueService; "C:\Program Files\Common Files\AuthenTec\TrueService.exe" [269640 2011-12-09] (AuthenTec, Inc.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [363800 2011-12-16] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
    3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
    3 BTWDPAN; C:\Windows\System32\Drivers\BTWDPAN.sys [89640 2011-05-20] (Broadcom Corporation.)
    3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-28] ()
    3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-28] ()
    0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2011-12-05] (Intel Corporation)
    3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356632 2012-03-27] (Intel Corporation)
    3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [789272 2012-03-27] (Intel Corporation)
    3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
    3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-03-01] (Synaptics Incorporated)
    0 SMR300; C:\Windows\System32\Drivers\SMR300.sys [96376 2012-08-04] (Symantec Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-05 16:44 - 2012-08-05 16:45 - 00000000 ____D C:\FRST
    2012-08-04 23:54 - 2012-08-04 23:55 - 04725168 ____A (Swearware) C:\Users\deano\Downloads\ComboFix.exe
    2012-08-04 23:09 - 2012-08-04 23:22 - 00000000 ____D C:\Users\deano\AppData\Local\NPE
    2012-08-04 23:09 - 2012-08-04 23:09 - 02841104 ____A (Symantec Corporation) C:\Users\deano\Downloads\NPE.exe
    2012-08-04 23:09 - 2012-08-04 23:09 - 00096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR300.SYS
    2012-08-04 22:58 - 2012-08-05 00:07 - 00000000 ____D C:\Users\deano\Downloads\spyware
    2012-08-04 22:47 - 2012-08-04 22:47 - 00002769 ____A C:\Users\deano\Desktop\RKreport[1].txt
    2012-08-04 22:44 - 2012-08-04 22:47 - 00000000 ____D C:\Users\deano\Desktop\RK_Quarantine
    2012-08-04 22:26 - 2012-08-04 22:26 - 00000646 ____A C:\Users\deano\Downloads\gmer.txt
    2012-08-04 21:37 - 2012-08-04 21:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 21:37 - 2012-08-04 21:37 - 00001113 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 21:37 - 2012-08-04 21:37 - 00000000 ____D C:\Users\deano\AppData\Roaming\Malwarebytes
    2012-08-04 21:37 - 2012-08-04 21:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-04 21:37 - 2012-08-04 21:37 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-08-04 21:37 - 2012-08-04 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-04 21:37 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-04 21:31 - 2012-08-04 21:31 - 00069730 ____A C:\Users\deano\Downloads\Extras.Txt
    2012-08-04 21:27 - 2012-08-04 21:35 - 48357912 ____A (Logitech Inc.) C:\Users\deano\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe
    2012-08-04 20:40 - 2012-08-04 20:40 - 00000000 ____D C:\Users\deano\Documents\Blio
    2012-08-04 20:40 - 2012-08-04 20:40 - 00000000 ____D C:\Users\All Users\Blio
    2012-08-04 20:40 - 2012-08-04 20:40 - 00000000 ____D C:\Users\All Users\Application Data\Blio
    2012-08-04 20:39 - 2012-08-04 20:41 - 00000000 ____D C:\Users\deano\AppData\Roaming\Blio
    2012-08-04 19:41 - 2012-08-04 19:41 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-04 19:41 - 2012-08-04 19:41 - 00001922 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
    2012-08-04 19:41 - 2012-08-04 19:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-04 19:41 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-04 19:41 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-04 19:41 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-04 19:41 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-04 19:41 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-04 19:41 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-08-04 19:41 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-04 19:40 - 2012-08-04 19:40 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-08-04 19:40 - 2012-08-04 19:40 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
    2012-08-04 19:40 - 2012-08-04 19:40 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-04 19:40 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-04 19:40 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-04 19:12 - 2012-08-04 19:38 - 89340632 ____A C:\Users\deano\Downloads\avast_free_antivirus_setup(1).exe
    2012-08-04 19:00 - 2012-08-04 19:00 - 00000000 ____D C:\Users\deano\Downloads\ASBo...B442.x64x86
    2012-08-04 18:46 - 2012-08-04 18:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-08-04 18:30 - 2012-08-04 18:30 - 00000000 ____D C:\Windows\Sun
    2012-08-04 18:07 - 2012-08-04 18:07 - 00000000 ____D C:\Users\All Users\Sun
    2012-08-04 18:07 - 2012-08-04 18:07 - 00000000 ____D C:\Users\All Users\Application Data\Sun
    2012-08-04 18:06 - 2012-08-04 18:06 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-08-04 18:06 - 2012-08-04 18:05 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-08-04 18:06 - 2012-08-04 18:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-04 18:06 - 2012-08-04 18:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-04 18:06 - 2012-07-05 06:06 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-04 18:06 - 2012-07-05 06:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-08-04 18:05 - 2012-08-04 18:05 - 00000000 ____D C:\Program Files (x86)\Java
    2012-08-04 18:04 - 2012-08-04 18:04 - 00893936 ____A (Oracle Corporation) C:\Users\deano\Downloads\jxpiinstall.exe
    2012-08-03 20:24 - 2012-08-03 20:24 - 00000000 ____D C:\Users\deano\Downloads\003(1)
    2012-08-03 19:22 - 2012-08-03 19:22 - 00000000 ____D C:\Program Files\Easypano
    2012-08-03 18:30 - 2012-08-04 17:26 - 00000000 ____D C:\Program Files (x86)\Easypano
    2012-08-03 18:30 - 2003-04-18 02:46 - 01233920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-08-03 18:30 - 2003-04-18 02:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
    2012-08-03 18:30 - 2003-04-18 02:29 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
    2012-08-03 18:29 - 2012-08-03 21:07 - 00000000 ____D C:\Users\deano\Downloads\pano studio 2012
    2012-08-03 17:41 - 2012-08-03 17:41 - 00000000 ____D C:\Users\deano\Downloads\EpStudio.2010.Ultimate.Edition.SnR.Incl.Patch
    2012-08-03 17:40 - 2012-08-03 17:40 - 00000000 ____D C:\Users\deano\Downloads\[zemani] - 2010-09-08 - gertruda - presenting gertruda (x202) 3744x5616
    2012-08-02 17:52 - 2012-08-02 17:52 - 00000132 ____A C:\Users\deano\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2012-08-01 18:29 - 2012-08-01 18:31 - 00061431 ____A C:\Users\deano\Documents\agora.log
    2012-08-01 17:55 - 2012-04-11 20:21 - 00000000 ____D C:\Users\deano\Downloads\AdobeExtensionManager6.0All
    2012-08-01 17:49 - 2012-08-01 17:49 - 00000000 ____D C:\Users\deano\Downloads\Adobe_Watermark_2.1.0
    2012-08-01 00:18 - 2012-08-01 00:18 - 00001060 ____A C:\Users\deano\Downloads\viewer codec pack - Shortcut.lnk
    2012-07-31 21:34 - 2012-07-31 21:34 - 00001011 ____A C:\Users\deano\Desktop\Kolor Panotour Pro 1.8.lnk
    2012-07-31 21:33 - 2012-07-31 23:14 - 00000000 ____D C:\Users\deano\Downloads\Kapg.2.6.3.ptp.1.8.0.400_bestgfx.com
    2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
    2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2012-07-30 02:39 - 2012-07-31 16:29 - 00000000 ____D C:\Users\deano\AppData\Local\Kolor
    2012-07-30 02:38 - 2012-07-31 16:27 - 00000000 ____D C:\Program Files\Kolor
    2012-07-30 02:38 - 2012-07-30 02:38 - 00001023 ____A C:\Users\deano\Desktop\Kolor Autopano Giga 2.6.lnk
    2012-07-29 21:25 - 2012-07-30 02:43 - 00000000 ____D C:\Users\deano\Downloads\Autopano Giga v. 2.6.1 with keygen
    2012-07-29 18:26 - 2012-07-29 18:26 - 00000000 ____D C:\Users\All Users\YTD Video Downloader
    2012-07-29 18:26 - 2012-07-29 18:26 - 00000000 ____D C:\Users\All Users\Application Data\YTD Video Downloader
    2012-07-28 18:52 - 2012-08-03 02:40 - 00000000 ____D C:\Users\deano\Downloads\pdf
    2012-07-28 18:48 - 2012-07-28 18:48 - 00000000 ____D C:\Users\deano\Downloads\the-magic-of-natural-beauty_free-picture-set
    2012-07-28 14:59 - 2012-07-28 15:08 - 00000000 ____D C:\Users\deano\Downloads\Death.In.Paradise.S01
    2012-07-28 11:05 - 2012-07-28 11:05 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
    2012-07-28 11:02 - 2012-07-28 11:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-07-27 23:30 - 2012-07-27 23:30 - 00001250 ____A C:\Users\deano\Desktop\PTGui.exe - Shortcut.lnk
    2012-07-27 17:58 - 2012-07-27 17:58 - 00000000 ____D C:\Windows\WICCodecs
    2012-07-27 17:55 - 2012-07-27 17:56 - 00000000 ____D C:\Users\deano\Downloads\viewer codec pack
    2012-07-24 20:44 - 2012-07-24 20:44 - 00000000 ____D C:\Users\deano\Downloads\[mcn] 2012-06-26 lolla back again (x153) 3744x5616
    2012-07-23 18:37 - 2012-07-23 18:37 - 00000000 ____D C:\Users\All Users\RedGiant
    2012-07-23 18:37 - 2012-07-23 18:37 - 00000000 ____D C:\Users\All Users\Application Data\RedGiant
    2012-07-23 18:24 - 2012-07-23 18:24 - 00000000 ____D C:\PSCS5PLUGINPATH64BIT
    2012-07-22 17:22 - 2012-07-22 17:22 - 00000922 ____A C:\Users\Public\Desktop\Tintii.lnk
    2012-07-22 17:22 - 2012-07-22 17:22 - 00000922 ____A C:\Users\All Users\Desktop\Tintii.lnk
    2012-07-22 17:22 - 2012-07-22 17:22 - 00000000 ____D C:\Program Files\indii.org
    2012-07-22 16:38 - 2012-07-22 16:40 - 00000000 ____D C:\Users\deano\Downloads\[Met-Art]_-_2012-07-17_Mango_A_-_Calesma_(x130)_3456x5184
    2012-07-21 23:40 - 2012-07-21 23:44 - 00000178 ____A C:\Users\deano\Desktop\brownie in a mug.txt
    2012-07-21 23:12 - 2012-08-02 18:07 - 00000000 ____D C:\Users\deano\Downloads\photography
    2012-07-21 23:06 - 2012-07-21 23:06 - 25554752 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 25222464 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 19454272 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 17660224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 15025984 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 14312256 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-21 23:06 - 2012-07-21 23:06 - 09731392 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 08037696 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 07724864 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 05919040 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02873664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02673984 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02518336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02438464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02316608 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00813376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00030016 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
    2012-07-21 18:56 - 2012-07-21 19:43 - 00000000 ____D C:\Users\deano\Downloads\Adobe Photoshop Plugins - Noise Ninja For Photoshop v2.3.2 x86-x64 + KEYGEN [h33t] [mahasonaz]
    2012-07-21 00:22 - 2012-07-28 01:59 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-20 21:35 - 2012-07-20 21:35 - 00000000 ____D C:\Users\deano\Downloads\viewpointcorrection
    2012-07-20 21:33 - 2012-07-20 21:33 - 00002145 ____A C:\Users\UpdatusUser\Desktop\Mystical.lnk
    2012-07-20 21:33 - 2012-07-20 21:33 - 00002145 ____A C:\Users\deano\Desktop\Mystical.lnk
    2012-07-20 20:01 - 2012-07-20 20:03 - 00000000 ____D C:\Program Files (x86)\GeniuXPhotoEFX3
    2012-07-20 18:13 - 2012-07-28 18:50 - 00000000 ____D C:\Users\deano\Downloads\filmframes
    2012-07-18 23:50 - 2012-07-19 03:53 - 00000000 ____D C:\Users\deano\Downloads\AutoFX Mystical Lighting Photoshop Plugin [h33t] [maxuploader]
    2012-07-18 20:41 - 2012-07-18 20:41 - 00001434 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-07-18 20:41 - 2012-07-18 20:41 - 00001434 ____A C:\Users\All Users\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-07-18 20:41 - 2012-07-18 20:41 - 00000000 ____D C:\Program Files (x86)\EaseUS
    2012-07-18 20:41 - 2012-05-17 01:36 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe
    2012-07-18 20:41 - 2012-05-14 19:13 - 03316736 ____A C:\Windows\System32\BootMan.exe
    2012-07-18 20:41 - 2011-07-28 21:54 - 00100232 ____A C:\Windows\System32\setupempdrvx64.exe
    2012-07-18 20:41 - 2011-07-28 21:54 - 00086408 ____A C:\Windows\SysWOW64\setupempdrv03.exe
    2012-07-18 20:41 - 2011-07-28 21:54 - 00019840 ____A C:\Windows\SysWOW64\EuEpmGdi.dll
    2012-07-18 20:41 - 2011-07-28 21:54 - 00016776 ____A C:\Windows\System32\epmntdrv.sys
    2012-07-18 20:41 - 2011-07-28 21:54 - 00016256 ____A C:\Windows\System32\EuEpmGdi.dll
    2012-07-18 20:41 - 2011-07-28 21:54 - 00014216 ____A C:\Windows\SysWOW64\epmntdrv.sys
    2012-07-18 20:41 - 2011-07-28 21:54 - 00009096 ____A C:\Windows\System32\EuGdiDrv.sys
    2012-07-18 20:41 - 2011-07-28 21:54 - 00008456 ____A C:\Windows\SysWOW64\EuGdiDrv.sys
    2012-07-18 20:39 - 2012-07-18 20:41 - 12086624 ____A (EaseUS ) C:\Users\deano\Downloads\easus partition.exe
    2012-07-18 19:52 - 2012-07-18 19:52 - 00000017 ____A C:\Users\deano\AppData\Local\resmon.resmoncfg
    2012-07-18 17:41 - 2012-07-18 17:41 - 00001214 ____A C:\Users\UpdatusUser\Desktop\Disk Heal.lnk
    2012-07-18 17:41 - 2012-07-18 17:41 - 00000000 ____D C:\Program Files (x86)\Disk Heal
    2012-07-16 17:22 - 2012-07-16 17:22 - 00002067 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk
    2012-07-16 17:22 - 2012-07-16 17:22 - 00002067 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk
    2012-07-15 23:32 - 2012-07-19 19:45 - 00000000 ____D C:\Users\deano\AppData\Roaming\HandBrake
    2012-07-15 23:31 - 2012-07-15 23:31 - 00000824 ____A C:\Users\UpdatusUser\Desktop\Handbrake.lnk
    2012-07-15 23:31 - 2012-07-15 23:31 - 00000824 ____A C:\Users\deano\Desktop\Handbrake.lnk
    2012-07-15 23:21 - 2012-07-15 23:31 - 00000000 ____D C:\Program Files\Handbrake
    2012-07-15 23:20 - 2012-07-15 23:21 - 07210563 ____A C:\Users\deano\Downloads\HandBrake-0.9.7-x86_64-Win_GUI.exe
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\b196ed68
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\b139d036
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\4f9f0a21
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\4f79b869
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\36ec0dca
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\3695ac3f
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\363627eb
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35e7f26f
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35965e47
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35453fb2
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\34f67d27
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\349dc2c9
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\3447e845
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\33e8c549
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\ca14a7f4
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c9f199a7
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c9972998
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c97c73d5
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c95b14fe
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c63c77eb
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c61c9f5c
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bd199199
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bcbbf55d
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bc90f3a9
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1db7c8e
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1b811aa
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a18b1072
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a165919e
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\9d144fdd
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\34c0d8a0
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\34a099f9
    2012-07-15 23:02 - 2012-07-15 23:02 - 00000675 ____A C:\Users\deano\Desktop\MediaInfo.lnk
    2012-07-15 23:02 - 2012-07-15 23:02 - 00000000 ____D C:\Program Files\MediaInfo
    2012-07-15 23:01 - 2012-07-15 23:01 - 03130280 ____A (MediaArea.net) C:\Users\deano\Downloads\MediaInfo_GUI_0.7.58_Windows_x64.exe
    2012-07-15 22:27 - 2012-07-15 22:27 - 00000000 ____D C:\Users\deano\AppData\Roaming\PictureCode
    2012-07-14 23:49 - 2012-07-15 00:17 - 00000000 ____D C:\Users\deano\Downloads\PTGui 9.1.2 + Serial + Crack EXE
    2012-07-14 20:12 - 2012-07-14 20:13 - 00000000 ____D C:\Users\deano\Downloads\hyperfocal calc
    2012-07-14 19:48 - 2012-07-14 19:48 - 00000000 ____D C:\Users\deano\AppData\Roaming\FastStone
    2012-07-14 19:06 - 2012-07-14 19:09 - 12985328 ____A C:\Users\deano\Downloads\PTGui_Pro_9.1.3_trial_Setup.exe
    2012-07-12 18:27 - 2012-07-12 18:58 - 00000000 ____D C:\Users\deano\Downloads\k10d firmware
    2012-07-12 18:24 - 2012-07-12 18:29 - 00000000 ____D C:\Users\deano\Downloads\k100d firmware
    2012-07-12 02:30 - 2012-07-12 02:30 - 00007680 ____A C:\Users\deano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-11 15:53 - 2012-07-11 15:53 - 00004640 ____A C:\Users\deano\AppData\Roaming\e40261ac
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\9d479513
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\6a296173
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\69c93149
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\5cd9893f
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\5c7fda7b
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\8717f268
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\86d86f96
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\4077fa38
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\40580889
    2012-07-11 15:50 - 2012-07-11 15:50 - 00004640 ____A C:\Users\deano\AppData\Roaming\d872fb7c
    2012-07-11 15:50 - 2012-07-11 15:50 - 00004640 ____A C:\Users\deano\AppData\Roaming\d8435ec4
    2012-07-11 15:49 - 2012-07-11 15:49 - 00004640 ____A C:\Users\deano\AppData\Roaming\5164c502
    2012-07-11 15:49 - 2012-07-11 15:49 - 00004640 ____A C:\Users\deano\AppData\Roaming\5110fa3a
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\ab7ca2dd
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\ab1ccfb6
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\7ef7335d
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\67fb1f28
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\679f06e3
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\896a698c
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\893e067e
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\84eed4ab
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a6c1af9b
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a6a4fabe
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a20f0701
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1f91480
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1e0e875
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1a65b59
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a189cfb0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9cce4a49
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b6f2fc6
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b5770f0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b3678fc
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b1c63d1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9ab8266b
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\78e62fd1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47b8d0e1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47994f7d
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47158d3c
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\46e9c689
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\46b7e9cf
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\4657ce79
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\4462c1ec
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3d501e45
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3bcd69ab
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3bb58b98
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b8fdd62
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b7468f0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b0d2b9e
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\30f6d2c
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\2b1262a
    2012-07-11 15:43 - 2012-07-11 15:43 - 00000000 ____D C:\Users\deano\AppData\Roaming\Boilsoft
    2012-07-11 15:43 - 2012-07-11 15:43 - 00000000 ____D C:\Program Files (x86)\Boilsoft Video Converter
    2012-07-11 15:41 - 2012-07-24 22:06 - 00000000 ____D C:\Users\deano\Downloads\Boilsoft Video Converter 3.01 build 129 + Serial [ThumperRG]
    2012-07-11 11:04 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 11:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 11:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 11:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 11:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 11:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 11:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 11:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 11:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 11:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 11:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 11:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 11:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 11:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 11:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 11:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 11:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 11:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 11:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 11:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 11:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 11:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 11:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 11:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 11:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 11:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 11:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 11:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 11:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 10:18 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 10:18 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 10:18 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 10:18 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 10:18 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 10:18 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 10:17 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 10:17 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 10:17 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 10:17 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 10:17 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 10:17 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 10:17 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 10:17 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 10:17 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 10:17 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 10:17 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 10:17 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 10:17 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 01:10 - 2012-07-11 01:10 - 00000000 ____D C:\Users\deano\AppData\Roaming\DivX
    2012-07-10 23:07 - 2012-07-10 23:07 - 00000000 ____D C:\Program Files (x86)\Xvid
    2012-07-10 23:07 - 2011-05-30 05:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
    2012-07-10 23:07 - 2011-05-30 05:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
     
  6. deano30


    pt 2:
    2012-07-10 23:07 - 2011-05-23 01:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
    2012-07-10 23:07 - 2011-05-22 23:49 - 00173568 ____A C:\Windows\System32\xvid.ax
    2012-07-10 23:07 - 2011-05-22 23:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
    2012-07-10 23:07 - 2011-05-22 23:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
    2012-07-10 23:05 - 2012-07-10 23:05 - 00000000 ____D C:\Program Files\DivX
    2012-07-10 23:04 - 2012-07-10 23:06 - 10768856 ____A (Xvid Team) C:\Users\deano\Downloads\Xvid-1.3.2-20110601.exe
    2012-07-10 23:03 - 2012-07-10 23:05 - 00000000 ____D C:\Program Files (x86)\DivX
    2012-07-10 23:02 - 2012-07-10 23:05 - 00000000 ____D C:\Users\All Users\DivX
    2012-07-10 23:02 - 2012-07-10 23:05 - 00000000 ____D C:\Users\All Users\Application Data\DivX
    2012-07-10 22:26 - 2012-07-10 22:26 - 00002721 ____A C:\Users\deano\Desktop\Jasc Animation Shop 3.lnk
    2012-07-10 22:26 - 2012-07-10 22:26 - 00000000 ____D C:\Users\deano\AppData\Roaming\Jasc
    2012-07-10 22:21 - 2012-07-10 22:22 - 00000000 ____D C:\Program Files (x86)\Jasc Software Inc
    2012-07-10 22:19 - 2012-07-10 22:20 - 11098032 ____A (Jasc Software Inc ) C:\Users\deano\Downloads\Animation Shop 3 - FULL.exe
    2012-07-10 17:43 - 2012-07-10 17:43 - 00000000 ____D C:\Users\deano\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-07-10 17:13 - 2012-07-18 18:49 - 00000000 ____D C:\Users\deano\Downloads\gifs
    2012-07-10 17:08 - 2012-07-10 17:09 - 09001788 ____A (Allok Soft Inc. ) C:\Users\deano\Downloads\allok_vjoiner.exe
    2012-07-10 17:03 - 2007-04-11 22:19 - 00129024 ____A C:\Windows\SysWOW64\AVERM.dll
    2012-07-10 17:03 - 2006-09-25 21:57 - 00028672 ____A C:\Windows\SysWOW64\AVEQT.dll
    2012-07-10 16:57 - 2012-07-10 17:03 - 00000000 ____D C:\Program Files (x86)\Allok Video Splitter
    2012-07-10 16:57 - 2006-07-18 06:11 - 00376832 ____A (Gabest) C:\Windows\SysWOW64\MpegSplitter.ax
    2012-07-10 16:57 - 2006-05-04 14:59 - 00421888 ____A (Gabest) C:\Windows\SysWOW64\Mpeg2DecFilter.ax
    2012-07-09 23:03 - 2012-07-09 23:03 - 00000000 ____D C:\Users\deano\AppData\Local\HP
    2012-07-09 21:26 - 2012-07-09 21:26 - 00000000 ____D C:\Users\deano\AppData\Roaming\AKVIS LLC
    2012-07-09 20:57 - 2012-07-09 20:57 - 00000000 ____D C:\Users\All Users\Digital Film Tools
    2012-07-09 20:57 - 2012-07-09 20:57 - 00000000 ____D C:\Users\All Users\Application Data\Digital Film Tools
    2012-07-09 20:57 - 2012-07-09 20:57 - 00000000 ____D C:\Program Files\Digital Film Tools
    2012-07-09 18:33 - 2012-07-09 18:33 - 00001658 ____A C:\Users\UpdatusUser\Desktop\Pano2VR 64bit.lnk
    2012-07-09 18:33 - 2012-07-09 18:33 - 00001658 ____A C:\Users\deano\Desktop\Pano2VR 64bit.lnk
    2012-07-09 18:33 - 2012-07-09 18:33 - 00000000 ____D C:\Program Files\Pano2VR
    2012-07-09 18:12 - 2012-07-09 18:13 - 15804120 ____A (Garden Gnome Software) C:\Users\deano\Downloads\pano2vr_install64_3_1_4.exe
    2012-07-09 18:11 - 2012-07-09 18:11 - 00000000 ____D C:\Users\deano\AppData\Roaming\GardenGnomeSoftware
    2012-07-09 16:21 - 2012-07-09 16:21 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software
    2012-07-09 16:21 - 2012-07-09 16:21 - 00000000 ____D C:\Users\Default\Application Data\onOne Software
    2012-07-09 16:21 - 2012-07-09 16:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\onOne Software
    2012-07-09 16:21 - 2012-07-09 16:21 - 00000000 ____D C:\Users\Default User\Application Data\onOne Software
    2012-07-09 16:21 - 2012-07-09 16:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\onOne Software
    2012-07-09 16:12 - 2012-07-09 16:21 - 00000000 ____D C:\Program Files\onOne Software
    2012-07-09 16:12 - 2012-07-09 16:12 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
    2012-07-09 16:12 - 2012-07-09 16:12 - 00000000 ____D C:\Users\Default\Application Data\Adobe
    2012-07-09 16:12 - 2012-07-09 16:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
    2012-07-09 16:12 - 2012-07-09 16:12 - 00000000 ____D C:\Users\Default User\Application Data\Adobe
    2012-07-09 16:12 - 2012-07-09 16:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
    2012-07-09 15:11 - 2012-07-09 21:14 - 00000000 ____D C:\Users\deano\AppData\Roaming\Digital Film Tools
    2012-07-09 14:08 - 2012-07-09 14:08 - 00000132 ____A C:\Users\deano\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2012-07-09 13:57 - 2012-07-09 13:59 - 63418009 ____A C:\Users\deano\Downloads\Perfect_Resize_7.0.7_PE.zip
    2012-07-09 13:50 - 2011-10-24 05:15 - 00066560 ____A (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    2012-07-09 13:50 - 2011-10-24 05:15 - 00066560 ____A (Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
    2012-07-09 13:24 - 2012-07-09 13:48 - 00000000 ____D C:\Users\deano\OnOne Perfect Resize 7.0.6 Pro + Keygen{H33T}{Easypath}
    2012-07-09 01:05 - 2012-07-09 01:05 - 00000000 ____D C:\Users\deano\AppData\Roaming\Canon
    2012-07-09 01:05 - 2012-07-09 01:05 - 00000000 ____D C:\Users\All Users\CanonIJ
    2012-07-09 01:05 - 2012-07-09 01:05 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJ
    2012-07-09 01:01 - 2012-08-04 21:43 - 00010480 ____A C:\Windows\PFRO.log
    2012-07-08 20:43 - 2012-07-08 20:43 - 00000000 ____D C:\Users\deano\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-07-08 20:36 - 2012-07-08 20:43 - 00000000 ____D C:\Users\All Users\Wacom
    2012-07-08 20:36 - 2012-07-08 20:43 - 00000000 ____D C:\Users\All Users\Application Data\Wacom
    2012-07-08 20:36 - 2012-07-08 20:36 - 00001147 ____A C:\Users\Public\Desktop\Bamboo Dock.lnk
    2012-07-08 20:36 - 2012-07-08 20:36 - 00001147 ____A C:\Users\All Users\Desktop\Bamboo Dock.lnk
    2012-07-08 20:36 - 2012-07-08 20:36 - 00000000 ____D C:\Users\deano\AppData\Roaming\Wacom
    2012-07-08 20:36 - 2012-07-08 20:36 - 00000000 ____D C:\Program Files (x86)\Bamboo Dock
    2012-07-08 20:31 - 2012-08-04 23:10 - 00002754 ____A C:\Windows\setupact.log
    2012-07-08 20:31 - 2012-07-08 20:31 - 00000000 ____D C:\Users\deano\AppData\Roaming\WTablet
    2012-07-08 20:31 - 2012-07-08 20:31 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
    2012-07-08 20:31 - 2012-07-08 20:31 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-08 20:31 - 2011-09-08 01:49 - 00016168 ____A (Wacom Technology) C:\Windows\System32\Drivers\wacomvhid.sys
    2012-07-08 20:31 - 2011-09-08 01:49 - 00012848 ____A (Wacom Technology) C:\Windows\System32\Drivers\wacommousefilter.sys
    2012-07-08 20:31 - 2011-09-08 01:48 - 01326456 ____A (Wacom Technology, Corp.) C:\Windows\System32\Pen_Touch_Tablet.dll
    2012-07-08 20:31 - 2011-09-08 01:48 - 01107832 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Touch_Tablet.dll
    2012-07-08 20:30 - 2012-07-08 20:31 - 00000000 ____D C:\Program Files\Tablet
    2012-07-08 20:30 - 2011-09-08 01:48 - 01665400 ____A (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.dll
    2012-07-08 20:30 - 2011-09-08 01:48 - 01401208 ____A (Wacom Technology, Corp.) C:\Windows\System32\Wintab32.dll
    2012-07-08 20:30 - 2011-09-08 01:48 - 01392504 ____A (Wacom Technology, Corp.) C:\Windows\System32\WacomMT.dll
    2012-07-08 20:30 - 2011-09-08 01:48 - 01369464 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Tablet.dll
    2012-07-08 20:30 - 2011-09-08 01:48 - 01156472 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
    2012-07-08 20:30 - 2011-09-08 01:48 - 01152888 ____A (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
    2012-07-08 20:30 - 2011-06-15 14:00 - 00000488 ____A C:\Windows\System32\PenTouchTabletUserDefaults.xml
    2012-07-08 20:30 - 2011-06-15 14:00 - 00000488 ____A C:\Windows\System32\PenTabletUserDefaults.xml
    2012-07-08 20:27 - 2012-07-08 20:27 - 00000000 ___HD C:\Users\All Users\CanonIJMyPrinter
    2012-07-08 20:27 - 2012-07-08 20:27 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJMyPrinter
    2012-07-08 20:26 - 2012-08-05 00:10 - 00000000 ____D C:\Users\All Users\CanonIJPLM
    2012-07-08 20:26 - 2012-08-05 00:10 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJPLM
    2012-07-08 20:26 - 2012-07-08 20:26 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
    2012-07-08 20:26 - 2012-07-08 20:26 - 00000000 ____D C:\Users\All Users\Application Data\Canon IJ Network Tool
    2012-07-08 20:26 - 2011-03-30 18:07 - 00114688 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATU.dll
    2012-07-08 20:26 - 2011-03-29 20:54 - 00323584 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATL.dll
    2012-07-08 20:26 - 2010-11-11 19:13 - 00068096 ____A C:\Windows\SysWOW64\CNC1754D.TBL
    2012-07-08 20:26 - 2008-08-25 02:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2012-07-08 20:25 - 2012-07-08 20:25 - 00000000 ____D C:\Users\All Users\CanonIJWSpt
    2012-07-08 20:25 - 2012-07-08 20:25 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJWSpt
    2012-07-08 20:25 - 2012-07-08 20:25 - 00000000 ____D C:\Program Files\Common Files\CANON
    2012-07-08 20:24 - 2012-07-08 20:24 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
    2012-07-08 20:24 - 2012-07-08 20:24 - 00000000 ___HD C:\Users\All Users\CanonBJ
    2012-07-08 20:24 - 2012-07-08 20:24 - 00000000 ___HD C:\Users\All Users\Application Data\CanonBJ
    2012-07-08 20:24 - 2012-07-08 20:24 - 00000000 ____D C:\Program Files\Canon
    2012-07-08 20:24 - 2011-05-22 13:00 - 00385536 ____A (CANON INC.) C:\Windows\System32\CNMLMAT.DLL
    2012-07-08 20:23 - 2012-07-08 20:23 - 00000000 ___HD C:\Program Files\CanonBJ
    2012-07-08 20:23 - 2012-07-08 20:23 - 00000000 ____D C:\Windows\System32\STRING
    2012-07-08 20:23 - 2011-02-02 16:20 - 00256000 ____A (CANON INC.) C:\Windows\System32\CNMIUAT.DLL
    2012-07-08 20:23 - 2011-02-01 00:23 - 00355840 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
    2012-07-08 20:23 - 2011-02-01 00:23 - 00038400 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
    2012-07-08 20:15 - 2012-07-08 20:27 - 00000000 ____D C:\Program Files (x86)\Canon
    2012-07-08 18:57 - 2012-07-08 18:57 - 00090282 ____A C:\Users\deano\Downloads\cc_20120709_105655.reg
    2012-07-08 18:54 - 2012-07-08 18:54 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-08 18:54 - 2012-07-08 18:54 - 00000822 ____A C:\Users\All Users\Desktop\CCleaner.lnk
    2012-07-08 18:54 - 2012-07-08 18:54 - 00000000 ____D C:\Program Files\CCleaner
    2012-07-08 18:53 - 2012-07-08 18:53 - 03889704 ____A (Piriform Ltd) C:\Users\deano\Downloads\ccsetup320.exe
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\UpdatusUser\Desktop\CyberLink WaveEditor.lnk
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\Default\Desktop\CyberLink WaveEditor.lnk
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk
    2012-07-08 04:48 - 2012-07-08 04:48 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
    2012-07-08 04:48 - 2012-07-08 04:48 - 00000000 ____D C:\Users\All Users\eSellerate
    2012-07-08 04:48 - 2012-07-08 04:48 - 00000000 ____D C:\Users\All Users\Application Data\SmartSound Software Inc
    2012-07-08 04:48 - 2012-07-08 04:48 - 00000000 ____D C:\Users\All Users\Application Data\eSellerate
    2012-07-08 04:48 - 2012-07-08 04:48 - 00000000 ____D C:\Program Files (x86)\SmartSound Software
    2012-07-08 04:46 - 2012-07-08 04:47 - 00000000 ____D C:\Program Files\CyberLink
    2012-07-08 02:28 - 2012-07-08 02:30 - 00000000 ____D C:\Users\All Users\YouTube Downloader
    2012-07-08 02:28 - 2012-07-08 02:30 - 00000000 ____D C:\Users\All Users\Application Data\YouTube Downloader
    2012-07-08 02:26 - 2012-07-08 02:30 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
    2012-07-08 02:22 - 2012-07-08 03:03 - 00000000 __HDC C:\Users\All Users\Application Data\{654BBB15-6EFB-44E9-9E8B-F75DAF1B3B4C}
    2012-07-08 02:22 - 2012-07-08 03:03 - 00000000 __HDC C:\Users\All Users\{654BBB15-6EFB-44E9-9E8B-F75DAF1B3B4C}
    2012-07-08 02:22 - 2012-07-08 02:22 - 00000000 ____D C:\Users\deano\AppData\Local\PackageAware
    2012-07-07 22:30 - 2012-07-07 22:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-07-07 17:40 - 2012-07-07 17:40 - 00000000 ____D C:\Users\All Users\Image Trends Inc
    2012-07-07 17:40 - 2012-07-07 17:40 - 00000000 ____D C:\Users\All Users\Application Data\Image Trends Inc
    2012-07-07 17:38 - 2012-07-07 17:38 - 00000000 ____D C:\Program Files (x86)\Image Trends Inc
    2012-07-07 17:38 - 2012-07-07 17:38 - 00000000 ____D C:\AuthLog
    2012-07-07 13:56 - 2012-08-04 19:52 - 00001456 ____A C:\Users\deano\AppData\Local\Adobe Save for Web 13.0 Prefs
    2012-07-07 00:26 - 2012-08-04 00:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-06 23:00 - 2012-07-09 21:21 - 00000000 ____D C:\Program Files (x86)\AKVIS
    2012-07-06 22:08 - 2012-07-06 22:08 - 00000000 ____D C:\Users\deano\Documents\Adobe
    2012-07-06 22:06 - 2011-09-27 21:39 - 00004608 ____A C:\Windows\SysWOW64\ColorEfexPro4FC64.dll
    2012-07-06 22:03 - 2012-07-09 21:30 - 00000000 ____D C:\Users\deano\AppData\Roaming\ThePluginSite
    2012-07-06 21:47 - 2012-07-06 21:47 - 00002769 ____A C:\Users\Public\Desktop\Launch Mystical.lnk
    2012-07-06 21:47 - 2012-07-06 21:47 - 00002769 ____A C:\Users\All Users\Desktop\Launch Mystical.lnk
    2012-07-06 21:37 - 2012-07-06 21:37 - 00002296 ____A C:\Users\UpdatusUser\Desktop\Mystical 2.0.lnk
    2012-07-06 21:37 - 2012-07-06 21:37 - 00002296 ____A C:\Users\deano\Desktop\Mystical 2.0.lnk
    2012-07-06 21:37 - 2012-07-06 21:37 - 00000000 ____D C:\Users\deano\AppData\Roaming\Auto FX Software
    2012-07-06 21:37 - 2004-03-29 01:23 - 00090112 ____A (MindVision Software) C:\Windows\unvise32.exe
    2012-07-06 20:57 - 2012-08-04 18:09 - 00000000 ____D C:\Users\deano\AppData\Local\Alien Skin
    2012-07-06 20:43 - 2012-07-21 19:52 - 00000000 ____D C:\Program Files\Imagenomic
    2012-07-06 19:07 - 2012-07-06 19:07 - 00000000 ____D C:\Program Files (x86)\FastStone Capture
    2012-07-06 19:03 - 2012-07-28 18:51 - 00000000 ____D C:\Users\deano\Downloads\plugins
    2012-07-06 17:02 - 2012-03-01 01:39 - 00021264 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\Smb_driver.sys
    2012-07-06 17:01 - 2012-03-08 20:23 - 04747328 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\BCMWL664.SYS
    2012-07-06 17:01 - 2012-03-08 19:50 - 00095544 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
    2012-07-06 17:01 - 2012-03-08 19:38 - 03952640 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvsrv64.dll
    2012-07-06 17:01 - 2012-03-08 19:38 - 03617792 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvui64.dll
    2012-07-06 13:31 - 2012-07-06 13:32 - 00000000 ____D C:\Users\deano\AppData\Roaming\ts3overlay
    2012-07-06 13:30 - 2012-07-10 16:29 - 00000000 ____D C:\Users\deano\AppData\Roaming\TS3Client

    ============ 3 Months Modified Files ========================

    2012-08-05 00:13 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-04 23:55 - 2012-08-04 23:54 - 04725168 ____A (Swearware) C:\Users\deano\Downloads\ComboFix.exe
    2012-08-04 23:19 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 23:19 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 23:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-04 23:10 - 2012-07-08 20:31 - 00002754 ____A C:\Windows\setupact.log
    2012-08-04 23:09 - 2012-08-04 23:09 - 02841104 ____A (Symantec Corporation) C:\Users\deano\Downloads\NPE.exe
    2012-08-04 23:09 - 2012-08-04 23:09 - 00096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR300.SYS
    2012-08-04 22:47 - 2012-08-04 22:47 - 00002769 ____A C:\Users\deano\Desktop\RKreport[1].txt
    2012-08-04 22:26 - 2012-08-04 22:26 - 00000646 ____A C:\Users\deano\Downloads\gmer.txt
    2012-08-04 21:43 - 2012-07-09 01:01 - 00010480 ____A C:\Windows\PFRO.log
    2012-08-04 21:37 - 2012-08-04 21:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 21:37 - 2012-08-04 21:37 - 00001113 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 21:35 - 2012-08-04 21:27 - 48357912 ____A (Logitech Inc.) C:\Users\deano\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe
    2012-08-04 21:31 - 2012-08-04 21:31 - 00069730 ____A C:\Users\deano\Downloads\Extras.Txt
    2012-08-04 19:52 - 2012-07-07 13:56 - 00001456 ____A C:\Users\deano\AppData\Local\Adobe Save for Web 13.0 Prefs
    2012-08-04 19:41 - 2012-08-04 19:41 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-04 19:41 - 2012-08-04 19:41 - 00001922 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
    2012-08-04 19:41 - 2012-08-04 19:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-04 19:38 - 2012-08-04 19:12 - 89340632 ____A C:\Users\deano\Downloads\avast_free_antivirus_setup(1).exe
    2012-08-04 18:40 - 2012-07-04 08:56 - 01861862 ____A C:\Windows\WindowsUpdate.log
    2012-08-04 18:05 - 2012-08-04 18:06 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-08-04 18:05 - 2012-08-04 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-04 18:05 - 2012-08-04 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-04 18:04 - 2012-08-04 18:04 - 00893936 ____A (Oracle Corporation) C:\Users\deano\Downloads\jxpiinstall.exe
    2012-08-04 00:23 - 2012-07-07 00:26 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-08-03 03:02 - 2012-06-27 23:02 - 00000213 ____A C:\Users\deano\.swfinfo
    2012-08-02 17:52 - 2012-08-02 17:52 - 00000132 ____A C:\Users\deano\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2012-08-01 18:31 - 2012-08-01 18:29 - 00061431 ____A C:\Users\deano\Documents\agora.log
    2012-08-01 00:18 - 2012-08-01 00:18 - 00001060 ____A C:\Users\deano\Downloads\viewer codec pack - Shortcut.lnk
    2012-07-31 21:34 - 2012-07-31 21:34 - 00001011 ____A C:\Users\deano\Desktop\Kolor Panotour Pro 1.8.lnk
    2012-07-30 02:38 - 2012-07-30 02:38 - 00001023 ____A C:\Users\deano\Desktop\Kolor Autopano Giga 2.6.lnk
    2012-07-29 05:58 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-28 17:50 - 2012-07-04 18:48 - 00114312 ____A C:\Users\deano\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-28 15:33 - 2012-02-28 22:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-28 15:33 - 2012-02-28 22:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-28 11:22 - 2009-07-13 20:45 - 05042592 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-28 01:59 - 2012-07-21 00:22 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-27 23:30 - 2012-07-27 23:30 - 00001250 ____A C:\Users\deano\Desktop\PTGui.exe - Shortcut.lnk
    2012-07-26 02:53 - 2012-07-05 17:43 - 00001221 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2012-07-26 02:53 - 2012-07-05 17:43 - 00001221 ____A C:\Users\All Users\Desktop\TeamSpeak 3 Client.lnk
    2012-07-22 17:22 - 2012-07-22 17:22 - 00000922 ____A C:\Users\Public\Desktop\Tintii.lnk
    2012-07-22 17:22 - 2012-07-22 17:22 - 00000922 ____A C:\Users\All Users\Desktop\Tintii.lnk
    2012-07-21 23:44 - 2012-07-21 23:40 - 00000178 ____A C:\Users\deano\Desktop\brownie in a mug.txt
    2012-07-21 23:06 - 2012-07-21 23:06 - 25554752 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 25222464 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 19454272 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 17660224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 15025984 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 14312256 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-21 23:06 - 2012-07-21 23:06 - 09731392 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 08037696 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 07724864 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 05919040 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02873664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02673984 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02518336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02438464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 02316608 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00813376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-21 23:06 - 2012-07-21 23:06 - 00030016 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
    2012-07-21 23:06 - 2012-04-19 18:13 - 02676544 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 01737536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 01466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 00963392 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 00260928 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 00215360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-07-21 23:06 - 2012-04-19 18:13 - 00014669 ____A C:\Windows\System32\nvinfo.pb
    2012-07-21 19:53 - 2012-07-05 18:02 - 00004063 ____A C:\Users\deano\Documents\PerfectLayersConduit.log
    2012-07-21 19:53 - 2012-07-05 18:02 - 00003001 ____A C:\Users\deano\Documents\PerfectPortraitConduit.log
    2012-07-21 19:53 - 2012-07-05 18:02 - 00002992 ____A C:\Users\deano\Documents\PerfectEffectsConduit.log
    2012-07-21 19:53 - 2012-07-05 18:02 - 00002035 ____A C:\Users\deano\Documents\PhotoFrameConduit.log
    2012-07-21 19:53 - 2012-07-05 18:02 - 00002002 ____A C:\Users\deano\Documents\GenuineFractalsConduit.log
    2012-07-21 19:53 - 2012-07-05 18:02 - 00001963 ____A C:\Users\deano\Documents\FocalPointConduit.log
    2012-07-20 21:33 - 2012-07-20 21:33 - 00002145 ____A C:\Users\UpdatusUser\Desktop\Mystical.lnk
    2012-07-20 21:33 - 2012-07-20 21:33 - 00002145 ____A C:\Users\deano\Desktop\Mystical.lnk
    2012-07-18 20:41 - 2012-07-18 20:41 - 00001434 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-07-18 20:41 - 2012-07-18 20:41 - 00001434 ____A C:\Users\All Users\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-07-18 20:41 - 2012-07-18 20:39 - 12086624 ____A (EaseUS ) C:\Users\deano\Downloads\easus partition.exe
    2012-07-18 19:52 - 2012-07-18 19:52 - 00000017 ____A C:\Users\deano\AppData\Local\resmon.resmoncfg
    2012-07-18 17:41 - 2012-07-18 17:41 - 00001214 ____A C:\Users\UpdatusUser\Desktop\Disk Heal.lnk
    2012-07-16 17:22 - 2012-07-16 17:22 - 00002067 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk
    2012-07-16 17:22 - 2012-07-16 17:22 - 00002067 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk
    2012-07-15 23:31 - 2012-07-15 23:31 - 00000824 ____A C:\Users\UpdatusUser\Desktop\Handbrake.lnk
    2012-07-15 23:31 - 2012-07-15 23:31 - 00000824 ____A C:\Users\deano\Desktop\Handbrake.lnk
    2012-07-15 23:21 - 2012-07-15 23:20 - 07210563 ____A C:\Users\deano\Downloads\HandBrake-0.9.7-x86_64-Win_GUI.exe
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\b196ed68
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\b139d036
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\4f9f0a21
    2012-07-15 23:09 - 2012-07-15 23:09 - 00004640 ____A C:\Users\deano\AppData\Roaming\4f79b869
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\36ec0dca
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\3695ac3f
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\363627eb
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35e7f26f
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35965e47
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\35453fb2
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\34f67d27
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\349dc2c9
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\3447e845
    2012-07-15 23:08 - 2012-07-15 23:08 - 00004640 ____A C:\Users\deano\AppData\Roaming\33e8c549
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\ca14a7f4
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c9f199a7
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c9972998
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c97c73d5
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c95b14fe
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c63c77eb
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\c61c9f5c
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bd199199
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bcbbf55d
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\bc90f3a9
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1db7c8e
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1b811aa
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a18b1072
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\a165919e
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\9d144fdd
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\34c0d8a0
    2012-07-15 23:07 - 2012-07-15 23:07 - 00004640 ____A C:\Users\deano\AppData\Roaming\34a099f9
    2012-07-15 23:02 - 2012-07-15 23:02 - 00000675 ____A C:\Users\deano\Desktop\MediaInfo.lnk
    2012-07-15 23:01 - 2012-07-15 23:01 - 03130280 ____A (MediaArea.net) C:\Users\deano\Downloads\MediaInfo_GUI_0.7.58_Windows_x64.exe
    2012-07-14 19:09 - 2012-07-14 19:06 - 12985328 ____A C:\Users\deano\Downloads\PTGui_Pro_9.1.3_trial_Setup.exe
    2012-07-12 02:30 - 2012-07-12 02:30 - 00007680 ____A C:\Users\deano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-11 15:53 - 2012-07-11 15:53 - 00004640 ____A C:\Users\deano\AppData\Roaming\e40261ac
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\9d479513
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\6a296173
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\69c93149
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\5cd9893f
    2012-07-11 15:52 - 2012-07-11 15:52 - 00004640 ____A C:\Users\deano\AppData\Roaming\5c7fda7b
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\8717f268
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\86d86f96
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\4077fa38
     
  7. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    pt 3:
    2012-07-11 15:51 - 2012-07-11 15:51 - 00004640 ____A C:\Users\deano\AppData\Roaming\40580889
    2012-07-11 15:50 - 2012-07-11 15:50 - 00004640 ____A C:\Users\deano\AppData\Roaming\d872fb7c
    2012-07-11 15:50 - 2012-07-11 15:50 - 00004640 ____A C:\Users\deano\AppData\Roaming\d8435ec4
    2012-07-11 15:49 - 2012-07-11 15:49 - 00004640 ____A C:\Users\deano\AppData\Roaming\5164c502
    2012-07-11 15:49 - 2012-07-11 15:49 - 00004640 ____A C:\Users\deano\AppData\Roaming\5110fa3a
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\ab7ca2dd
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\ab1ccfb6
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\7ef7335d
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\67fb1f28
    2012-07-11 15:45 - 2012-07-11 15:45 - 00004640 ____A C:\Users\deano\AppData\Roaming\679f06e3
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\896a698c
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\893e067e
    2012-07-11 15:44 - 2012-07-11 15:44 - 00004640 ____A C:\Users\deano\AppData\Roaming\84eed4ab
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a6c1af9b
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a6a4fabe
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a20f0701
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1f91480
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1e0e875
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a1a65b59
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\a189cfb0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9cce4a49
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b6f2fc6
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b5770f0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b3678fc
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9b1c63d1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\9ab8266b
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\78e62fd1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47b8d0e1
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47994f7d
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\47158d3c
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\46e9c689
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\46b7e9cf
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\4657ce79
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\4462c1ec
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3d501e45
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3bcd69ab
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3bb58b98
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b8fdd62
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b7468f0
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\3b0d2b9e
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\30f6d2c
    2012-07-11 15:43 - 2012-07-11 15:43 - 00004640 ____A C:\Users\deano\AppData\Roaming\2b1262a
    2012-07-11 11:02 - 2012-07-04 17:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 23:06 - 2012-07-10 23:04 - 10768856 ____A (Xvid Team) C:\Users\deano\Downloads\Xvid-1.3.2-20110601.exe
    2012-07-10 22:26 - 2012-07-10 22:26 - 00002721 ____A C:\Users\deano\Desktop\Jasc Animation Shop 3.lnk
    2012-07-10 22:20 - 2012-07-10 22:19 - 11098032 ____A (Jasc Software Inc ) C:\Users\deano\Downloads\Animation Shop 3 - FULL.exe
    2012-07-10 17:09 - 2012-07-10 17:08 - 09001788 ____A (Allok Soft Inc. ) C:\Users\deano\Downloads\allok_vjoiner.exe
    2012-07-09 18:33 - 2012-07-09 18:33 - 00001658 ____A C:\Users\UpdatusUser\Desktop\Pano2VR 64bit.lnk
    2012-07-09 18:33 - 2012-07-09 18:33 - 00001658 ____A C:\Users\deano\Desktop\Pano2VR 64bit.lnk
    2012-07-09 18:13 - 2012-07-09 18:12 - 15804120 ____A (Garden Gnome Software) C:\Users\deano\Downloads\pano2vr_install64_3_1_4.exe
    2012-07-09 14:08 - 2012-07-09 14:08 - 00000132 ____A C:\Users\deano\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2012-07-09 13:59 - 2012-07-09 13:57 - 63418009 ____A C:\Users\deano\Downloads\Perfect_Resize_7.0.7_PE.zip
    2012-07-08 20:36 - 2012-07-08 20:36 - 00001147 ____A C:\Users\Public\Desktop\Bamboo Dock.lnk
    2012-07-08 20:36 - 2012-07-08 20:36 - 00001147 ____A C:\Users\All Users\Desktop\Bamboo Dock.lnk
    2012-07-08 20:36 - 2012-01-17 16:25 - 00000002 ____A C:\Users\deano\.bdockinstall.log
    2012-07-08 20:31 - 2012-07-08 20:31 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-08 18:57 - 2012-07-08 18:57 - 00090282 ____A C:\Users\deano\Downloads\cc_20120709_105655.reg
    2012-07-08 18:54 - 2012-07-08 18:54 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-08 18:54 - 2012-07-08 18:54 - 00000822 ____A C:\Users\All Users\Desktop\CCleaner.lnk
    2012-07-08 18:53 - 2012-07-08 18:53 - 03889704 ____A (Piriform Ltd) C:\Users\deano\Downloads\ccsetup320.exe
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\UpdatusUser\Desktop\CyberLink WaveEditor.lnk
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\Default\Desktop\CyberLink WaveEditor.lnk
    2012-07-08 04:48 - 2012-07-08 04:48 - 00002083 ____A C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk
    2012-07-06 22:32 - 2009-12-18 01:58 - 00004608 ____A C:\Windows\System32\Viveza2FC64.dll
    2012-07-06 21:47 - 2012-07-06 21:47 - 00002769 ____A C:\Users\Public\Desktop\Launch Mystical.lnk
    2012-07-06 21:47 - 2012-07-06 21:47 - 00002769 ____A C:\Users\All Users\Desktop\Launch Mystical.lnk
    2012-07-06 21:37 - 2012-07-06 21:37 - 00002296 ____A C:\Users\UpdatusUser\Desktop\Mystical 2.0.lnk
    2012-07-06 21:37 - 2012-07-06 21:37 - 00002296 ____A C:\Users\deano\Desktop\Mystical 2.0.lnk
    2012-07-06 16:41 - 2012-07-05 22:59 - 00001456 ____A C:\Users\deano\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-06 15:54 - 2012-07-05 14:25 - 00003072 ____A C:\Windows\System32\Viveza2FC32.dll
    2012-07-05 23:20 - 2012-07-05 23:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-07-05 23:20 - 2012-07-05 23:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
    2012-07-05 22:04 - 2012-07-05 22:04 - 00002089 ____A C:\Users\Public\Desktop\CuteFTP 8 Professional.lnk
    2012-07-05 22:04 - 2012-07-05 22:04 - 00002089 ____A C:\Users\All Users\Desktop\CuteFTP 8 Professional.lnk
    2012-07-05 22:04 - 2012-07-05 21:46 - 00010752 ____A C:\Windows\SysWOW64\BASSMOD.dll
    2012-07-05 20:10 - 2012-07-05 20:10 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-05 20:10 - 2012-07-05 20:10 - 00001783 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-07-05 18:04 - 2012-07-05 18:04 - 00001869 ____A C:\Users\UpdatusUser\Desktop\Pano2VR.lnk
    2012-07-05 18:04 - 2012-07-05 18:04 - 00001869 ____A C:\Users\deano\Desktop\Pano2VR.lnk
    2012-07-05 13:35 - 2012-07-05 13:35 - 00002847 ____A C:\Users\Public\Desktop\ACDSee Pro 5.lnk
    2012-07-05 13:35 - 2012-07-05 13:35 - 00002847 ____A C:\Users\All Users\Desktop\ACDSee Pro 5.lnk
    2012-07-05 06:06 - 2012-08-04 18:06 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-05 06:06 - 2012-08-04 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 02:35 - 2012-07-05 02:35 - 00032632 ____A C:\Windows\System32\emptyregdb.dat
    2012-07-04 21:00 - 2012-07-04 21:00 - 00001889 ____A C:\Users\Public\Desktop\PhoenixRC.lnk
    2012-07-04 21:00 - 2012-07-04 21:00 - 00001889 ____A C:\Users\All Users\Desktop\PhoenixRC.lnk
    2012-07-04 20:37 - 2012-07-04 20:37 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-04 20:37 - 2012-07-04 20:37 - 00000947 ____A C:\Users\All Users\Desktop\µTorrent.lnk
    2012-07-04 20:17 - 2012-07-04 20:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-07-04 20:15 - 2012-07-04 20:15 - 00002090 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    2012-07-04 20:15 - 2012-07-04 20:15 - 00002090 ____A C:\Users\All Users\Desktop\Mozilla Thunderbird.lnk
    2012-07-04 02:16 - 2012-07-04 02:16 - 00000020 ___SH C:\Users\deano\ntuser.ini
    2012-07-03 08:21 - 2012-08-04 19:41 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-08-04 19:41 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-08-04 19:41 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-08-04 19:41 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-08-04 19:41 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-08-04 19:41 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 08:21 - 2012-08-04 19:41 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-08-04 19:40 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-03 08:21 - 2012-08-04 19:40 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-02 21:46 - 2012-08-04 21:37 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 23:35 - 2012-07-01 22:35 - 00871716 ____A C:\Users\deano\Downloads\MY CESSNA.psd
    2012-07-01 23:34 - 2012-07-01 23:34 - 02097208 ____A C:\Users\deano\Downloads\MY CESSNA.bmp
    2012-06-30 17:01 - 2012-06-30 17:01 - 02231002 ____A C:\Users\deano\Downloads\phoenixRC_creator.phx
    2012-06-24 17:40 - 2012-02-26 19:44 - 00000335 ____A C:\Users\deano\Desktop\New Text Document (2).txt
    2012-06-11 19:08 - 2012-07-11 11:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 10:17 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 10:17 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-11 10:18 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 10:18 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 10:17 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 10:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 10:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 10:17 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-07-04 17:42 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-04 17:42 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-04 17:42 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-04 17:41 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-04 17:41 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-07-04 17:42 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-07-04 17:41 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 04:49 - 2012-07-11 11:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 11:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 11:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 11:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 11:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 11:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 11:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 11:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 11:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 11:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 11:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 11:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 11:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 11:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 11:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 11:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 11:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 11:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 11:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 11:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 11:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 11:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 11:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 11:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 11:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 11:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 11:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 11:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 23:19 - 2012-07-04 17:41 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-07-04 17:41 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-11 10:17 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 10:17 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 10:17 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 10:17 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 10:17 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 10:17 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 10:17 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 10:17 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 10:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-30 20:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-28 00:40 - 2012-01-05 01:32 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
    2012-05-28 00:40 - 2012-01-05 01:32 - 00000349 ____A C:\Users\All Users\Documents\PCLECHAL.INI
    2012-05-21 00:47 - 2012-05-21 00:47 - 00264064 ____A (AKVIS) C:\Coloriage.8bf
    2012-05-17 01:36 - 2012-07-18 20:41 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe
    2012-05-16 01:32 - 2012-05-16 01:31 - 00000445 ____A C:\rkill.log
    2012-05-14 19:13 - 2012-07-18 20:41 - 03316736 ____A C:\Windows\System32\BootMan.exe

    ZeroAccess:
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\@
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\L
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\L\00000004.@
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\L\201d3dde
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\00000004.@
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\00000008.@
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\000000cb.@
    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\80000000.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8089.31 MB
    Available physical RAM: 7181.35 MB
    Total Pagefile: 8087.46 MB
    Available Pagefile: 7183.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:574.53 GB) (Free:392.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
    5 Drive h: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 574 GB 200 MB
    Partition 3 Primary 21 GB 574 GB
    Partition 4 Primary 103 MB 596 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 574 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 21 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3820 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 3820 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-27 15:58

    ======================= End Of Log ==========================
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  9. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Thanks, done:

    Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-06 08:15:33
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST64 Fixlist

    Download the attached fixlist.txt and save it to your flash drive in the same directory as FRST64.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     

  11. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Hi, Avast is no longer alerting and rebooted normally. You did all that fixlist code for me? A PayPal donate will be coming your way!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-06 17:58:01 Run:1
    Running from H:\

    ==============================================

    C:\Windows\Installer\{3db0ba6e-f958-7601-468e-97dfc5d91fb2} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\install.exe Value deleted successfully.
    C:\Users\deano\AppData\Local\Temp\install.exe not found.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Notification Packages Default value restored successfully .
    C:\Users\deano\Downloads\MediaInfo_GUI_0.7.58_Windows_x64.exe moved successfully.
    C:\Users\deano\Downloads\PTGui 9.1.2 + Serial + Crack EXE moved successfully.
    C:\Users\deano\Downloads\Boilsoft Video Converter 3.01 build 129 + Serial [ThumperRG] moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Thanks for that! :)

    If you can reboot to Normal Mode now, run the following (otherwise let me know if not):

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  13. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    ComboFix ran fine, here is the log:

    ComboFix 12-08-05.02 - deano 07/08/2012 9:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8089.6084 [GMT 8:00]
    Running from: c:\users\deano\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 00:44 . 2012-08-06 00:45 -------- d-----w- C:\FRST
    2012-08-05 07:09 . 2012-08-05 07:22 -------- d-----w- c:\users\deano\AppData\Local\NPE
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\users\deano\AppData\Roaming\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 05:37 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-05 04:40 . 2012-08-05 04:40 -------- d-----w- c:\programdata\Blio
    2012-08-05 04:39 . 2012-08-05 04:41 -------- d-----w- c:\users\deano\AppData\Roaming\Blio
    2012-08-05 03:41 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-05 03:41 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-05 03:41 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-05 03:41 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-05 03:41 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-05 03:41 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-05 03:41 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-05 03:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-05 03:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\programdata\AVAST Software
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\program files\AVAST Software
    2012-08-05 02:46 . 2012-08-05 02:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-05 02:30 . 2012-08-05 02:30 -------- d-----w- c:\windows\Sun
    2012-08-05 02:07 . 2012-08-05 02:07 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-08-05 02:06 . 2012-08-05 02:06 -------- d-----w- c:\program files (x86)\Oracle
    2012-08-05 02:06 . 2012-08-05 02:05 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-05 02:06 . 2012-07-05 14:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-05 02:05 . 2012-08-05 02:05 -------- d-----w- c:\program files (x86)\Java
    2012-08-04 03:22 . 2012-08-04 03:22 -------- d-----w- c:\program files\Easypano
    2012-08-04 02:30 . 2003-04-18 10:46 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-08-04 02:30 . 2003-04-18 10:29 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
    2012-08-04 02:30 . 2003-04-18 10:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2012-08-04 02:30 . 2012-08-05 01:26 -------- d-----w- c:\program files (x86)\Easypano
    2012-08-03 06:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78AE9436-F37F-4960-8E19-9D39420BB35C}\mpengine.dll
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Application Updater
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Common Files\Spigot
    2012-07-30 10:39 . 2012-08-01 00:29 -------- d-----w- c:\users\deano\AppData\Local\Kolor
    2012-07-30 10:38 . 2012-08-01 00:27 -------- d-----w- c:\program files\Kolor
    2012-07-30 02:26 . 2012-07-30 02:26 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-28 19:05 . 2012-07-28 19:05 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-07-28 19:02 . 2012-07-28 19:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-07-28 01:58 . 2012-07-28 01:58 -------- d-----w- c:\windows\WICCodecs
    2012-07-24 02:37 . 2012-07-24 02:37 -------- d-----w- c:\programdata\RedGiant
    2012-07-24 02:24 . 2012-07-24 02:24 -------- d-----w- C:\PSCS5PLUGINPATH64BIT
    2012-07-23 01:22 . 2012-07-23 01:22 -------- d-----w- c:\program files\indii.org
    2012-07-21 04:01 . 2012-07-21 04:03 -------- d-----w- c:\program files (x86)\GeniuXPhotoEFX3
    2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-07-19 04:41 . 2012-05-17 09:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
    2012-07-19 04:41 . 2012-05-15 03:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
    2012-07-19 04:41 . 2011-07-29 05:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
    2012-07-19 04:41 . 2011-07-29 05:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2012-07-19 04:41 . 2011-07-29 05:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
    2012-07-19 04:41 . 2011-07-29 05:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2012-07-19 04:41 . 2012-07-19 04:41 -------- d-----w- c:\program files (x86)\EaseUS
    2012-07-19 01:41 . 2012-07-19 01:41 -------- d-----w- c:\program files (x86)\Disk Heal
    2012-07-16 07:32 . 2012-08-06 11:52 -------- d-----w- c:\users\deano\AppData\Roaming\HandBrake
    2012-07-16 07:21 . 2012-07-16 07:31 -------- d-----w- c:\program files\Handbrake
    2012-07-16 07:02 . 2012-07-16 07:02 -------- d-----w- c:\program files\MediaInfo
    2012-07-16 06:27 . 2012-07-16 06:27 -------- d-----w- c:\users\deano\AppData\Roaming\PictureCode
    2012-07-15 03:48 . 2012-07-15 03:48 -------- d-----w- c:\users\deano\AppData\Roaming\FastStone
    2012-07-11 23:43 . 2012-07-11 23:43 -------- d-----w- c:\users\deano\AppData\Roaming\Boilsoft
    2012-07-11 23:43 . 2012-07-11 23:43 -------- d-----w- c:\program files (x86)\Boilsoft Video Converter
    2012-07-11 19:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 18:18 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 18:18 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 18:18 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 18:18 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 18:18 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 18:18 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 09:10 . 2012-07-11 09:10 -------- d-----w- c:\users\deano\AppData\Roaming\DivX
    2012-07-11 07:07 . 2012-07-11 07:07 -------- d-----w- c:\program files (x86)\Xvid
    2012-07-11 07:07 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2012-07-11 07:07 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2012-07-11 07:07 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
    2012-07-11 07:07 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
    2012-07-11 07:07 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2012-07-11 07:07 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
    2012-07-11 07:05 . 2012-07-11 07:05 -------- d-----w- c:\program files\DivX
    2012-07-11 07:05 . 2012-07-11 07:05 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2012-07-11 07:03 . 2012-07-11 07:05 -------- d-----w- c:\program files (x86)\DivX
    2012-07-11 07:02 . 2012-07-11 07:05 -------- d-----w- c:\programdata\DivX
    2012-07-11 06:26 . 2012-07-11 06:26 -------- d-----w- c:\users\deano\AppData\Roaming\Jasc
    2012-07-11 06:21 . 2012-07-11 06:22 -------- d-----w- c:\program files (x86)\Jasc Software Inc
    2012-07-11 01:43 . 2012-07-11 01:43 -------- d-----w- c:\users\deano\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-07-11 01:03 . 2007-04-12 06:19 129024 ----a-w- c:\windows\SysWow64\AVERM.dll
    2012-07-11 01:03 . 2006-09-26 05:57 28672 ----a-w- c:\windows\SysWow64\AVEQT.dll
    2012-07-11 00:57 . 2006-07-18 14:11 376832 ----a-w- c:\windows\SysWow64\MpegSplitter.ax
    2012-07-11 00:57 . 2006-05-04 22:59 421888 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax
    2012-07-11 00:57 . 2012-07-11 01:03 -------- d-----w- c:\program files (x86)\Allok Video Splitter
    2012-07-10 07:03 . 2012-07-10 07:03 -------- d-----w- c:\users\deano\AppData\Local\HP
    2012-07-10 05:26 . 2012-07-10 05:26 -------- d-----w- c:\users\deano\AppData\Roaming\AKVIS LLC
    2012-07-10 04:57 . 2012-07-10 04:57 -------- d-----w- c:\programdata\Digital Film Tools
    2012-07-10 04:57 . 2012-07-10 04:57 -------- d-----w- c:\program files\Digital Film Tools
    2012-07-10 02:33 . 2012-07-10 02:33 -------- d-----w- c:\program files\Pano2VR
    2012-07-10 02:11 . 2012-07-10 02:11 -------- d-----w- c:\users\deano\AppData\Roaming\GardenGnomeSoftware
    2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\users\UpdatusUser\AppData\Roaming\onOne Software
    2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software
    2012-07-10 00:12 . 2012-07-10 00:21 -------- d-----w- c:\program files\onOne Software
    2012-07-09 23:11 . 2012-07-10 05:14 -------- d-----w- c:\users\deano\AppData\Roaming\Digital Film Tools
    2012-07-09 21:50 . 2011-10-24 13:15 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
    2012-07-09 21:50 . 2011-10-24 13:15 66560 ----a-w- c:\windows\system32\nlssrv32.exe
    2012-07-09 21:24 . 2012-07-09 21:48 -------- d-----w- c:\users\deano\OnOne Perfect Resize 7.0.6 Pro + Keygen{H33T}{Easypath}
    2012-07-09 09:05 . 2012-07-09 09:05 -------- d-----w- c:\programdata\CanonIJ
    2012-07-09 09:05 . 2012-07-09 09:05 -------- d-----w- c:\users\deano\AppData\Roaming\Canon
    2012-07-09 04:43 . 2012-07-09 04:43 -------- d-----w- c:\users\deano\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-07-09 04:36 . 2012-07-09 04:36 -------- d-----w- c:\users\deano\AppData\Roaming\Wacom
    2012-07-09 04:36 . 2012-07-09 04:43 -------- d-----w- c:\programdata\Wacom
    2012-07-09 04:36 . 2012-07-09 04:36 -------- d-----w- c:\program files (x86)\Bamboo Dock
    2012-07-09 04:26 . 2012-07-09 04:26 -------- d-----w- c:\programdata\Canon IJ Network Tool
    2012-07-09 04:26 . 2011-03-31 02:07 114688 ----a-w- c:\windows\SysWow64\CNC_ATU.dll
    2012-07-09 04:26 . 2011-03-30 04:54 323584 ----a-w- c:\windows\SysWow64\CNC_ATL.dll
    2012-07-09 04:26 . 2008-08-25 10:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2012-07-09 04:25 . 2012-07-09 04:25 -------- d-----w- c:\program files\Common Files\CANON
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d-----w- c:\program files\Canon
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d--h--w- c:\programdata\CanonBJ
    2012-07-09 04:24 . 2011-05-22 21:00 98816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAT.DLL
    2012-07-09 04:24 . 2011-05-22 21:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAT.DLL
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-07-09 04:24 . 2011-05-22 21:00 385536 ----a-w- c:\windows\system32\CNMLMAT.DLL
    2012-07-09 04:23 . 2011-02-03 00:20 256000 ----a-w- c:\windows\system32\CNMIUAT.DLL
    2012-07-09 04:23 . 2012-07-09 04:23 -------- d-----w- c:\windows\system32\STRING
    2012-07-09 04:23 . 2011-02-01 08:23 38400 ----a-w- c:\windows\system32\CNMN6UI.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 23:33 . 2012-02-29 06:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 23:33 . 2012-02-29 06:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 07:06 . 2012-04-20 02:13 963392 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 260928 ----a-w- c:\windows\system32\nvinitx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 2676544 ----a-w- c:\windows\system32\nvapi64.dll
    2012-07-11 19:02 . 2012-07-05 01:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 06:32 . 2009-12-18 09:58 4608 ----a-w- c:\windows\system32\Viveza2FC64.dll
    2012-07-06 23:54 . 2012-07-05 22:25 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
    2012-07-05 02:56 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-07-05 01:41 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-07-05 01:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-07-05 01:42 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-07-05 01:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-07-05 01:41 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-07-05 01:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-07-05 01:41 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:19 . 2012-07-05 01:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-07-05 01:41 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-21 08:47 . 2012-05-21 08:47 264064 ----a-w- C:\Coloriage.8bf
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 09:20 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\IEBHO.DLL" [2011-12-11 1985352]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{c98ee38d-21e4-4a50-907d-2b56fec7013e}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-06 160328]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-6 1338656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-03 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-30 276248]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-07-22 30016]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-10-24 66560]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-07-22 2458944]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2011-11-10 60184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-03-01 21264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\x64\IEBHO.dll" [2011-12-11 2221896]
    .
    [HKEY_CLASSES_ROOT\CLSID\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2779024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:56990
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: bendigobank.com.au\www
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\deano\AppData\Roaming\Mozilla\Firefox\Profiles\uxttrxf4.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50po"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50pp"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50ppf"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.xmp"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:7a,99,a5,c3,42,69,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:82,b7,88,54,4b,62,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:7c,0a,bd,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:23,51,33,7b,4e,69,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:5d,9e,c1,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:5c,69,b5,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:1c,a0,17,cb,16,66,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:0b,fd,aa,19,02,68,cd,01
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
    @=hex:9e,38,d9,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
    @=hex:57,ed,8c,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
    @=hex:d1,32,5e,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
    @=hex:9b,37,20,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
    @=hex:96,e0,ef,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
    @=hex:7d,0c,67,84,64,6c,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
    @=hex:4b,b3,05,27,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
    @=hex:db,ca,2b,26,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
    @=hex:df,c6,ca,24,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
    @=hex:ce,f8,f2,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
    @=hex:32,78,54,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
    @=hex:49,17,49,26,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
    @=hex:0c,e9,7b,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
    @=hex:84,3e,2f,2a,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
    @=hex:44,1d,cc,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
    @=hex:b0,69,13,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
    @=hex:03,71,c7,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
    @=hex:3e,f8,41,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
    @=hex:84,a1,83,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
    @=hex:56,73,92,27,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
    @=hex:1f,3e,9e,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-07 09:26:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-07 01:26
    .
    Pre-Run: 421,297,238,016 bytes free
    Post-Run: 420,883,501,056 bytes free
    .
    - - End Of File - - 8D391DF47779DF0763F4076CB3C1EE23
     
  14. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Sorry for the double post, can't seem to delete.
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  16. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Done!

    ComboFix 12-08-05.02 - deano 08/08/2012 7:20.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8089.5724 [GMT 8:00]
    Running from: c:\users\deano\Desktop\ComboFix.exe
    Command switches used :: c:\users\deano\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 23:29 . 2012-08-07 23:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-07 23:29 . 2012-08-07 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-06 00:44 . 2012-08-06 00:45 -------- d-----w- C:\FRST
    2012-08-05 07:09 . 2012-08-05 07:22 -------- d-----w- c:\users\deano\AppData\Local\NPE
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\users\deano\AppData\Roaming\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 05:37 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-05 04:40 . 2012-08-05 04:40 -------- d-----w- c:\programdata\Blio
    2012-08-05 04:39 . 2012-08-05 04:41 -------- d-----w- c:\users\deano\AppData\Roaming\Blio
    2012-08-05 03:41 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-05 03:41 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-05 03:41 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-05 03:41 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-05 03:41 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-05 03:41 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-05 03:41 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-05 03:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-05 03:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\programdata\AVAST Software
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\program files\AVAST Software
    2012-08-05 02:46 . 2012-08-05 02:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-05 02:30 . 2012-08-05 02:30 -------- d-----w- c:\windows\Sun
    2012-08-05 02:07 . 2012-08-05 02:07 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-08-05 02:06 . 2012-08-05 02:06 -------- d-----w- c:\program files (x86)\Oracle
    2012-08-05 02:06 . 2012-08-05 02:05 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-05 02:06 . 2012-07-05 14:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-05 02:05 . 2012-08-05 02:05 -------- d-----w- c:\program files (x86)\Java
    2012-08-04 03:22 . 2012-08-04 03:22 -------- d-----w- c:\program files\Easypano
    2012-08-04 02:30 . 2003-04-18 10:46 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-08-04 02:30 . 2003-04-18 10:29 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
    2012-08-04 02:30 . 2003-04-18 10:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2012-08-04 02:30 . 2012-08-05 01:26 -------- d-----w- c:\program files (x86)\Easypano
    2012-08-03 06:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78AE9436-F37F-4960-8E19-9D39420BB35C}\mpengine.dll
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Application Updater
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Common Files\Spigot
    2012-07-30 10:39 . 2012-08-01 00:29 -------- d-----w- c:\users\deano\AppData\Local\Kolor
    2012-07-30 10:38 . 2012-08-01 00:27 -------- d-----w- c:\program files\Kolor
    2012-07-30 02:26 . 2012-07-30 02:26 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-28 19:05 . 2012-07-28 19:05 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-07-28 19:02 . 2012-07-28 19:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-07-28 01:58 . 2012-07-28 01:58 -------- d-----w- c:\windows\WICCodecs
    2012-07-24 02:37 . 2012-07-24 02:37 -------- d-----w- c:\programdata\RedGiant
    2012-07-24 02:24 . 2012-07-24 02:24 -------- d-----w- C:\PSCS5PLUGINPATH64BIT
    2012-07-23 01:22 . 2012-07-23 01:22 -------- d-----w- c:\program files\indii.org
    2012-07-21 04:01 . 2012-07-21 04:03 -------- d-----w- c:\program files (x86)\GeniuXPhotoEFX3
    2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-07-19 04:41 . 2012-05-17 09:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
    2012-07-19 04:41 . 2012-05-15 03:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
    2012-07-19 04:41 . 2011-07-29 05:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
    2012-07-19 04:41 . 2011-07-29 05:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2012-07-19 04:41 . 2011-07-29 05:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
    2012-07-19 04:41 . 2011-07-29 05:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2012-07-19 04:41 . 2012-07-19 04:41 -------- d-----w- c:\program files (x86)\EaseUS
    2012-07-19 01:41 . 2012-07-19 01:41 -------- d-----w- c:\program files (x86)\Disk Heal
    2012-07-16 07:32 . 2012-08-06 11:52 -------- d-----w- c:\users\deano\AppData\Roaming\HandBrake
    2012-07-16 07:21 . 2012-07-16 07:31 -------- d-----w- c:\program files\Handbrake
    2012-07-16 07:02 . 2012-07-16 07:02 -------- d-----w- c:\program files\MediaInfo
    2012-07-16 06:27 . 2012-07-16 06:27 -------- d-----w- c:\users\deano\AppData\Roaming\PictureCode
    2012-07-15 03:48 . 2012-07-15 03:48 -------- d-----w- c:\users\deano\AppData\Roaming\FastStone
    2012-07-11 23:43 . 2012-07-11 23:43 -------- d-----w- c:\users\deano\AppData\Roaming\Boilsoft
    2012-07-11 23:43 . 2012-07-11 23:43 -------- d-----w- c:\program files (x86)\Boilsoft Video Converter
    2012-07-11 19:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 18:18 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 18:18 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 18:18 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 18:18 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 18:18 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 18:18 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-11 09:10 . 2012-07-11 09:10 -------- d-----w- c:\users\deano\AppData\Roaming\DivX
    2012-07-11 07:07 . 2012-07-11 07:07 -------- d-----w- c:\program files (x86)\Xvid
    2012-07-11 07:07 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2012-07-11 07:07 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2012-07-11 07:07 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
    2012-07-11 07:07 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
    2012-07-11 07:07 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2012-07-11 07:07 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
    2012-07-11 07:05 . 2012-07-11 07:05 -------- d-----w- c:\program files\DivX
    2012-07-11 07:05 . 2012-07-11 07:05 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2012-07-11 07:03 . 2012-07-11 07:05 -------- d-----w- c:\program files (x86)\DivX
    2012-07-11 07:02 . 2012-07-11 07:05 -------- d-----w- c:\programdata\DivX
    2012-07-11 06:26 . 2012-07-11 06:26 -------- d-----w- c:\users\deano\AppData\Roaming\Jasc
    2012-07-11 06:21 . 2012-07-11 06:22 -------- d-----w- c:\program files (x86)\Jasc Software Inc
    2012-07-11 01:43 . 2012-07-11 01:43 -------- d-----w- c:\users\deano\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-07-11 01:03 . 2007-04-12 06:19 129024 ----a-w- c:\windows\SysWow64\AVERM.dll
    2012-07-11 01:03 . 2006-09-26 05:57 28672 ----a-w- c:\windows\SysWow64\AVEQT.dll
    2012-07-11 00:57 . 2006-07-18 14:11 376832 ----a-w- c:\windows\SysWow64\MpegSplitter.ax
    2012-07-11 00:57 . 2006-05-04 22:59 421888 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax
    2012-07-11 00:57 . 2012-07-11 01:03 -------- d-----w- c:\program files (x86)\Allok Video Splitter
    2012-07-10 07:03 . 2012-07-10 07:03 -------- d-----w- c:\users\deano\AppData\Local\HP
    2012-07-10 05:26 . 2012-07-10 05:26 -------- d-----w- c:\users\deano\AppData\Roaming\AKVIS LLC
    2012-07-10 04:57 . 2012-07-10 04:57 -------- d-----w- c:\programdata\Digital Film Tools
    2012-07-10 04:57 . 2012-07-10 04:57 -------- d-----w- c:\program files\Digital Film Tools
    2012-07-10 02:33 . 2012-07-10 02:33 -------- d-----w- c:\program files\Pano2VR
    2012-07-10 02:11 . 2012-07-10 02:11 -------- d-----w- c:\users\deano\AppData\Roaming\GardenGnomeSoftware
    2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\users\UpdatusUser\AppData\Roaming\onOne Software
    2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software
    2012-07-10 00:12 . 2012-07-10 00:21 -------- d-----w- c:\program files\onOne Software
    2012-07-09 23:11 . 2012-07-10 05:14 -------- d-----w- c:\users\deano\AppData\Roaming\Digital Film Tools
    2012-07-09 21:50 . 2011-10-24 13:15 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
    2012-07-09 21:50 . 2011-10-24 13:15 66560 ----a-w- c:\windows\system32\nlssrv32.exe
    2012-07-09 21:24 . 2012-07-09 21:48 -------- d-----w- c:\users\deano\OnOne Perfect Resize 7.0.6 Pro + Keygen{H33T}{Easypath}
    2012-07-09 09:05 . 2012-07-09 09:05 -------- d-----w- c:\programdata\CanonIJ
    2012-07-09 09:05 . 2012-07-09 09:05 -------- d-----w- c:\users\deano\AppData\Roaming\Canon
    2012-07-09 04:43 . 2012-07-09 04:43 -------- d-----w- c:\users\deano\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-07-09 04:36 . 2012-07-09 04:36 -------- d-----w- c:\users\deano\AppData\Roaming\Wacom
    2012-07-09 04:36 . 2012-07-09 04:43 -------- d-----w- c:\programdata\Wacom
    2012-07-09 04:36 . 2012-07-09 04:36 -------- d-----w- c:\program files (x86)\Bamboo Dock
    2012-07-09 04:26 . 2012-07-09 04:26 -------- d-----w- c:\programdata\Canon IJ Network Tool
    2012-07-09 04:26 . 2011-03-31 02:07 114688 ----a-w- c:\windows\SysWow64\CNC_ATU.dll
    2012-07-09 04:26 . 2011-03-30 04:54 323584 ----a-w- c:\windows\SysWow64\CNC_ATL.dll
    2012-07-09 04:26 . 2008-08-25 10:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2012-07-09 04:25 . 2012-07-09 04:25 -------- d-----w- c:\program files\Common Files\CANON
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d-----w- c:\program files\Canon
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d--h--w- c:\programdata\CanonBJ
    2012-07-09 04:24 . 2011-05-22 21:00 98816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAT.DLL
    2012-07-09 04:24 . 2011-05-22 21:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAT.DLL
    2012-07-09 04:24 . 2012-07-09 04:24 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-07-09 04:24 . 2011-05-22 21:00 385536 ----a-w- c:\windows\system32\CNMLMAT.DLL
    2012-07-09 04:23 . 2011-02-03 00:20 256000 ----a-w- c:\windows\system32\CNMIUAT.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 23:33 . 2012-02-29 06:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 23:33 . 2012-02-29 06:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 07:06 . 2012-04-20 02:13 963392 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 260928 ----a-w- c:\windows\system32\nvinitx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 2676544 ----a-w- c:\windows\system32\nvapi64.dll
    2012-07-11 19:02 . 2012-07-05 01:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 06:32 . 2009-12-18 09:58 4608 ----a-w- c:\windows\system32\Viveza2FC64.dll
    2012-07-06 23:54 . 2012-07-05 22:25 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
    2012-07-05 02:56 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-07-05 01:41 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-07-05 01:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-07-05 01:42 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-07-05 01:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-07-05 01:41 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-07-05 01:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-07-05 01:41 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:19 . 2012-07-05 01:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-07-05 01:41 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-21 08:47 . 2012-05-21 08:47 264064 ----a-w- C:\Coloriage.8bf
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_01.22.55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-08-06 22:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-07 01:22 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-07 01:22 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-06 22:00 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-07 01:22 606208 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-06 22:00 606208 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 09:20 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\IEBHO.DLL" [2011-12-11 1985352]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{c98ee38d-21e4-4a50-907d-2b56fec7013e}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-06 160328]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-6 1338656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-30 276248]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-07-22 30016]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-10-24 66560]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-07-22 2458944]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-03 620584]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2011-11-10 60184]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-03-01 21264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\x64\IEBHO.dll" [2011-12-11 2221896]
    .
    [HKEY_CLASSES_ROOT\CLSID\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2779024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:56990
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: bendigobank.com.au\www
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\deano\AppData\Roaming\Mozilla\Firefox\Profiles\uxttrxf4.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50po"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50pp"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50ppf"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.xmp"
    .
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-08 07:30:57
    ComboFix-quarantined-files.txt 2012-08-07 23:30
    ComboFix2.txt 2012-08-07 01:26
    .
    Pre-Run: 411,889,106,944 bytes free
    Post-Run: 411,682,783,232 bytes free
    .
    - - End Of File - - 188869EDC3D6DACBEDFDCC39F51553F5
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Good work. This should be the final check for malware...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  18. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=83ffd0bdba85634791fe8cd765008b86
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-09 06:32:16
    # local_time=2012-08-09 02:32:16 (+0800, W. Australia Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 0 96102591 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=427374
    # found=26
    # cleaned=26
    # scan_time=21194
    C:\Documents and Settings\deano\AppData\Local\Mozilla\Firefox\Profiles\uxttrxf4.default\Cache\1\5E\B8EF7d01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\Adobe Photoshop Plugins - Noise Ninja For Photoshop v2.3.2 x86-x64 + KEYGEN [h33t] [mahasonaz]\Your Plugin Here\x64\Keygen\keygen.exe probably a variant of Win32/Agent.JKMEEED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\Adobe Photoshop Plugins - Noise Ninja For Photoshop v2.3.2 x86-x64 + KEYGEN [h33t] [mahasonaz]\Your Plugin Here\x86\Keygen\keygen.exe probably a variant of Win32/Agent.JKMEEED trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\software\DDSViewerSetup.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\utorrent\Microsoft.Windows.7.Enterprise.x86.SP1.Integrated.March.2012-BIE\bie786312.iso a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\utorrent\YouTube HD Video Downloader [PRO] v3.5 + Serial Key - {RedDragon}\YouTube HD Video DownloaderSetup 3.5 .exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\deano\Downloads\utorrent\YouTube HD Video Downloader [PRO] v3.5 + Serial Key - {RedDragon}\Crack\YouTubeDownloader.exe a variant of Win32/Packed.VProtect.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\FRST\Quarantine\{3db0ba6e-f958-7601-468e-97dfc5d91fb2}\U\80000000.@ Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Windows\Installer\5477762.msi a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Be careful with any toolbar (unless only if it's Bing, Google, or Yahoo! toolbar, don't install any other). Also, be careful NOT to install keygens, illegal software, cracks, etc. It'll get you infected repeatedly.

    Since there is a lot of malware found in that log, mainly adware, we'll look with this tool ... just in case.

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm any more prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
     
  20. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Cheers! Here we go:

    Scanning Report

    Friday, August 10, 2012 07:57:37 - 09:04:17

    Computer name: DEANO-HP
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ D:\
    4 malware found

    Suspicious:W32/Malware!Gemini(virus)
    • C:\USERS\DEANO\DOWNLOADS\SOFTWARE\BLUMENTALS.SCREENSAVER.FACTORY.ENTERPRISE.V6.0.0.52\CRACK\SCRFACT.EXE (Not cleaned)
    Trojan.Generic.KD.118597(virus)
    • C:\USERS\DEANO\ONONE PERFECT RESIZE 7.0.6 PRO + KEYGEN{H33T}{EASYPATH}\GET YOUR SOFTWARE HERE\KEYGEN\KEYGEN.EXE (Renamed)
    Trojan.Generic.6944875(virus)
    • C:\USERS\DEANO\DOWNLOADS\ASBO...B442.X64X86\ASBOKEH.2.0.1.B442.X64X86\KEYGEN.EXE (Renamed)
    Gen:Trojan.Heur.FU.suW@aaJN8Ti(virus)
    • C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CS6 (64 BIT)\ADOBE.PHOTOSHOP.CS6-PATCH.EXE (Renamed)
    Statistics

    Scanned:
    • Files: 104560
    • System: 6180
    • Not scanned: 25
    Actions:
    • Disinfected: 0
    • Renamed: 3
    • Deleted: 0
    • Not cleaned: 1
    • Submitted: 0
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    • C:\USERS\DEANO\APPDATA\LOCAL\TEMP\BCG8470.TMP
    • C:\USERS\DEANO\APPDATA\LOCAL\TEMP\REG755C.TMP
    • C:\USERS\DEANO\APPDATA\LOCAL\TEMP\HSPERFDATA_DEANO\6168
    • C:\USERS\DEANO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\UXTTRXF4.DEFAULT\MOZILLA-MEDIA-CACHE\MEDIA_CACHE
    • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{4748303A-E02E-11E1-9616-C01885FB7858}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{474830E1-E02E-11E1-9616-C01885FB7858}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{47483189-E02E-11E1-9616-C01885FB7858}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\QOOBOX\BACKENV\SETPATH.BAT
    • C:\QOOBOX\BACKENV\VIKPEV00
    • C:\FRST\QUARANTINE\DESKTOP.INI
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Due to these cracks and keygens, let's search all of them out, please... We can delete them, and can stop running all these scans. I think we should have it after this, but no promises.

    Please download CKScanner by askey127 from here

    Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  22. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    Sorry for your trouble, I am a naughty boy I know.

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\frst\quarantine\ptgui 9.1.2 + serial + crack exe\notes.txt
    c:\frst\quarantine\ptgui 9.1.2 + serial + crack exe\ptgui 9.1.2 + serial + crack exe .nfo
    c:\frst\quarantine\ptgui 9.1.2 + serial + crack exe\ptgui 9.1.2 + serial + crack exe .rar
    c:\programdata\onone software\perfect effects\factorypresets\textures\cracked earth.oneffects
    c:\programdata\onone software\perfect effects\factorypresets\textures\cracked paint.oneffects
    c:\programdata\onone software\photoframe 4.6\frames\organic\crackle\crackle_06.frm
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\link to free photoshop brushes, plugins, templates and more....url
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\read this.txt
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\your plugin here\x64\setup.exe
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\your plugin here\x86\setup.exe
    c:\users\deano\downloads\asbo...b442.x64x86\asbokeh.2.0.1.b442.x64x86\keygen.0xe
    c:\users\deano\downloads\plugins\viveza 2.004 [jovabre]\crack\viveza2fc64.dll
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\install notes.txt
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\perfect resize 7.0.6 professional edition.exe
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\readme.url
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\keygen\keygen.0xe
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\keygen\readme.url
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\get your software here\keygen\redt.dll
    scanner sequence 3.II.11.MFEMJF
    ----- EOF -----
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  24. deano30

    deano30 TS Rookie Topic Starter Posts: 19

    ComboFix 12-08-05.02 - deano 12/08/2012 17:58:39.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8089.5033 [GMT 8:00]
    Running from: c:\users\deano\Desktop\ComboFix.exe
    Command switches used :: c:\users\deano\Desktop\CFscript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\Link To FREE Photoshop Brushes, Plugins, Templates and more....url
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\READ THIS.txt
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\Your Plugin Here\x64\Setup.exe
    c:\users\deano\downloads\adobe photoshop plugins - noise ninja for photoshop v2.3.2 x86-x64 + keygen [h33t] [mahasonaz]\Your Plugin Here\x86\Setup.exe
    c:\users\deano\downloads\asbo...b442.x64x86
    c:\users\deano\downloads\asbo...b442.x64x86\ASBokeh.2.0.1.B442.x64x86\KEYGEN.0XE
    c:\users\deano\downloads\asbo...b442.x64x86\ASBokeh.2.0.1.B442.x64x86\Manual.pdf
    c:\users\deano\downloads\asbo...b442.x64x86\ASBokeh.2.0.1.B442.x64x86\ReadMe.txt
    c:\users\deano\downloads\asbo...b442.x64x86\ASBokeh.2.0.1.B442.x64x86\Setup.exe
    c:\users\deano\downloads\plugins\viveza 2.004 [jovabre]
    c:\users\deano\downloads\plugins\viveza 2.004 [jovabre]\~uTorrentPartFile_1095114.dat
    c:\users\deano\downloads\plugins\viveza 2.004 [jovabre]\crack\Viveza2FC64.dll
    c:\users\deano\downloads\plugins\viveza 2.004 [jovabre]\README.rtf
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\Install Notes.txt
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\keygen\KEYGEN.0XE
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\keygen\ReadMe.url
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\keygen\RedT.dll
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\Perfect Resize 7.0.6 Professional Edition.exe
    c:\users\deano\onone perfect resize 7.0.6 pro + keygen{h33t}{easypath}\Get Your Software Here\ReadMe.url
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-12 10:09 . 2012-08-12 10:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-12 10:09 . 2012-08-12 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-12 09:28 . 2012-08-12 09:29 -------- d-----w- c:\program files (x86)\Poladroid
    2012-08-12 08:36 . 2012-08-12 08:38 -------- d-----w- c:\program files (x86)\Collage Maker 3.70
    2012-08-10 19:21 . 2012-08-10 19:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78AE9436-F37F-4960-8E19-9D39420BB35C}\offreg.dll
    2012-08-10 11:30 . 2012-08-10 11:30 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-08-10 00:18 . 2012-08-10 00:18 -------- d-----w- c:\users\deano\AppData\Roaming\PandoraRecovery
    2012-08-10 00:18 . 2012-08-10 00:23 -------- d-----w- c:\program files (x86)\Pandora Recovery
    2012-08-09 23:57 . 2012-08-09 23:57 -------- d-----w- c:\users\deano\AppData\Roaming\f-secure
    2012-08-09 23:57 . 2012-08-09 23:57 -------- d-----w- c:\programdata\F-Secure
    2012-08-09 00:25 . 2012-08-09 00:25 -------- d-----w- c:\program files (x86)\ESET
    2012-08-06 00:44 . 2012-08-06 00:45 -------- d-----w- C:\FRST
    2012-08-05 07:09 . 2012-08-05 07:22 -------- d-----w- c:\users\deano\AppData\Local\NPE
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\users\deano\AppData\Roaming\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-05 05:37 . 2012-08-05 05:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 05:37 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-05 04:40 . 2012-08-05 04:40 -------- d-----w- c:\programdata\Blio
    2012-08-05 04:39 . 2012-08-05 04:41 -------- d-----w- c:\users\deano\AppData\Roaming\Blio
    2012-08-05 03:41 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-05 03:41 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-05 03:41 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-05 03:41 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-05 03:41 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-05 03:41 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-05 03:41 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-05 03:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-05 03:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\programdata\AVAST Software
    2012-08-05 03:40 . 2012-08-05 03:40 -------- d-----w- c:\program files\AVAST Software
    2012-08-05 02:46 . 2012-08-05 02:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-05 02:30 . 2012-08-05 02:30 -------- d-----w- c:\windows\Sun
    2012-08-05 02:07 . 2012-08-05 02:07 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-08-05 02:06 . 2012-08-05 02:06 -------- d-----w- c:\program files (x86)\Oracle
    2012-08-05 02:06 . 2012-08-05 02:05 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-05 02:06 . 2012-07-05 14:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-05 02:05 . 2012-08-05 02:05 -------- d-----w- c:\program files (x86)\Java
    2012-08-04 03:22 . 2012-08-04 03:22 -------- d-----w- c:\program files\Easypano
    2012-08-04 02:30 . 2003-04-18 10:29 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
    2012-08-04 02:30 . 2003-04-18 10:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2012-08-04 02:30 . 2012-08-05 01:26 -------- d-----w- c:\program files (x86)\Easypano
    2012-08-03 06:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78AE9436-F37F-4960-8E19-9D39420BB35C}\mpengine.dll
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Application Updater
    2012-07-31 01:30 . 2012-07-31 01:30 -------- d-----w- c:\program files (x86)\Common Files\Spigot
    2012-07-30 10:39 . 2012-08-01 00:29 -------- d-----w- c:\users\deano\AppData\Local\Kolor
    2012-07-30 10:38 . 2012-08-01 00:27 -------- d-----w- c:\program files\Kolor
    2012-07-30 02:26 . 2012-07-30 02:26 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-28 19:05 . 2012-07-28 19:05 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-07-28 19:02 . 2012-07-28 19:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-07-28 01:58 . 2012-07-28 01:58 -------- d-----w- c:\windows\WICCodecs
    2012-07-24 02:37 . 2012-07-24 02:37 -------- d-----w- c:\programdata\RedGiant
    2012-07-24 02:24 . 2012-07-24 02:24 -------- d-----w- C:\PSCS5PLUGINPATH64BIT
    2012-07-23 01:22 . 2012-07-23 01:22 -------- d-----w- c:\program files\indii.org
    2012-07-21 04:01 . 2012-07-21 04:03 -------- d-----w- c:\program files (x86)\GeniuXPhotoEFX3
    2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-07-19 04:41 . 2012-05-17 09:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
    2012-07-19 04:41 . 2012-05-15 03:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
    2012-07-19 04:41 . 2011-07-29 05:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
    2012-07-19 04:41 . 2011-07-29 05:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
    2012-07-19 04:41 . 2011-07-29 05:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2012-07-19 04:41 . 2011-07-29 05:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
    2012-07-19 04:41 . 2011-07-29 05:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2012-07-19 04:41 . 2012-07-19 04:41 -------- d-----w- c:\program files (x86)\EaseUS
    2012-07-19 01:41 . 2012-07-19 01:41 -------- d-----w- c:\program files (x86)\Disk Heal
    2012-07-16 07:32 . 2012-08-11 10:11 -------- d-----w- c:\users\deano\AppData\Roaming\HandBrake
    2012-07-16 07:21 . 2012-07-16 07:31 -------- d-----w- c:\program files\Handbrake
    2012-07-16 07:02 . 2012-07-16 07:02 -------- d-----w- c:\program files\MediaInfo
    2012-07-16 06:27 . 2012-07-16 06:27 -------- d-----w- c:\users\deano\AppData\Roaming\PictureCode
    2012-07-15 03:48 . 2012-07-15 03:48 -------- d-----w- c:\users\deano\AppData\Roaming\FastStone
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 23:33 . 2012-02-29 06:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 23:33 . 2012-02-29 06:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-22 07:06 . 2012-04-20 02:13 963392 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 260928 ----a-w- c:\windows\system32\nvinitx.dll
    2012-07-22 07:06 . 2012-04-20 02:13 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-07-22 07:06 . 2012-04-20 02:13 2676544 ----a-w- c:\windows\system32\nvapi64.dll
    2012-07-11 19:02 . 2012-07-05 01:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-07 06:32 . 2009-12-18 09:58 4608 ----a-w- c:\windows\system32\Viveza2FC64.dll
    2012-07-06 23:54 . 2012-07-05 22:25 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
    2012-07-05 02:56 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-12 03:08 . 2012-07-11 19:04 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 18:17 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 18:18 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 18:18 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 18:17 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 18:18 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 18:18 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 18:17 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-07-05 01:41 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-07-05 01:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-07-05 01:42 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-07-05 01:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-07-05 01:41 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-07-05 01:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-07-05 01:41 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-11 19:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-11 19:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-11 19:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-11 19:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-11 19:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-11 19:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-11 19:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-11 19:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-11 19:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-11 19:00 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-11 19:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-11 19:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-11 19:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-11 19:00 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-11 19:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 19:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-11 19:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 19:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 19:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 07:19 . 2012-07-05 01:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-07-05 01:41 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 18:17 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 18:17 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 18:17 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 18:17 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 18:17 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 18:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 18:17 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 18:17 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 18:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-21 08:47 . 2012-05-21 08:47 264064 ----a-w- C:\Coloriage.8bf
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_01.22.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-08-12 07:22 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-06 22:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-07-04 16:53 . 2012-08-12 10:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-07-04 16:53 . 2012-08-04 08:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-07-04 16:53 . 2012-08-04 08:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-04 16:53 . 2012-08-12 10:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-04 08:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-12 10:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-08-11 21:40 96648 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-08-10 11:30 . 2012-08-10 11:30 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
    + 2012-08-10 11:30 . 2012-08-10 11:30 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    + 2012-08-10 10:54 . 2012-08-10 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-07 01:22 . 2012-08-07 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-10 10:54 . 2012-08-10 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-07 01:22 . 2012-08-07 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-12 08:36 . 2012-08-12 08:36 4846 c:\windows\Installer\{C41FABC0-BFC6-4392-8C76-4682AC9185C5}\hh_1.exe
    + 2012-08-12 08:36 . 2012-08-12 08:36 2238 c:\windows\Installer\{C41FABC0-BFC6-4392-8C76-4682AC9185C5}\CollageMaker3.exe
    - 2009-07-14 04:54 . 2012-08-06 22:00 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-12 07:22 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-06 22:00 606208 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-12 07:22 606208 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:36 . 2012-08-06 10:45 628460 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-12 07:57 628460 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-12 07:57 110612 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-08-06 10:45 110612 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-08-10 10:53 487652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-07 01:21 487652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-05 05:56 . 2012-08-10 10:53 934268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4147089754-2962967528-3310208666-1001-4096.dat
    + 2012-08-12 09:29 . 2012-08-12 09:29 292878 c:\windows\Installer\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}\Poladroid.exe
    + 2009-07-20 16:05 . 2009-07-20 16:05 1348432 c:\windows\SysWOW64\msxml4.dll
    + 2009-07-14 04:45 . 2012-08-11 21:39 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-07-28 19:25 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-06-01 08:59 . 2009-06-01 08:59 6598144 c:\windows\Installer\9ff2939.msi
    + 2009-07-20 16:29 . 2009-07-20 16:29 6057984 c:\windows\Installer\216bda.msi
    + 2008-09-30 13:07 . 2008-09-30 13:07 6042112 c:\windows\Installer\216bd3.msi
    + 2012-07-05 05:56 . 2012-08-10 10:53 17676064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4147089754-2962967528-3310208666-1001-12288.dat
    + 2012-08-12 08:20 . 2012-08-12 08:20 23503872 c:\windows\Installer\9ceaf38.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 09:20 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\IEBHO.DLL" [2011-12-11 1985352]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{c98ee38d-21e4-4a50-907d-2b56fec7013e}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-06 160328]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-6 1338656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-30 276248]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-07-22 30016]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-10-24 66560]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-07-22 2458944]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-03 620584]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2011-11-10 60184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-03-01 21264]
    S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-11 c:\windows\Tasks\HPCeeScheduleFordeano.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C98EE38D-21E4-4A50-907D-2B56FEC7013E}"= "c:\program files (x86)\HP SimplePass\x64\IEBHO.dll" [2011-12-11 2221896]
    .
    [HKEY_CLASSES_ROOT\CLSID\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FAC16418-AA80-4CFF-AC3D-7360F8E904F5}]
    [HKEY_CLASSES_ROOT\IEBHO.TSBand]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-30 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-30 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-30 440600]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2779024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:56990
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: bendigobank.com.au\www
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\deano\AppData\Roaming\Mozilla\Firefox\Profiles\uxttrxf4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50po"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50pp"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.v50ppf"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (S-1-5-21-4147089754-2962967528-3310208666-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 5.xmp"
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:7a,99,a5,c3,42,69,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:82,b7,88,54,4b,62,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:7c,0a,bd,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:23,51,33,7b,4e,69,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:5d,9e,c1,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:5c,69,b5,b0,01,68,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:1c,a0,17,cb,16,66,cd,01
    .
    [HKEY_USERS\S-1-5-21-4147089754-2962967528-3310208666-1001_Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
    @Allowed: (Read) (RestrictedCode)
    @=hex:0b,fd,aa,19,02,68,cd,01
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
    @=hex:9e,38,d9,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
    @=hex:57,ed,8c,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
    @=hex:d1,32,5e,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
    @=hex:9b,37,20,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
    @=hex:96,e0,ef,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
    @=hex:7d,0c,67,84,64,6c,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
    @=hex:4b,b3,05,27,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
    @=hex:db,ca,2b,26,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
    @=hex:df,c6,ca,24,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
    @=hex:ce,f8,f2,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
    @=hex:32,78,54,23,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
    @=hex:49,17,49,26,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
    @=hex:0c,e9,7b,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
    @=hex:84,3e,2f,2a,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
    @=hex:44,1d,cc,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
    @=hex:b0,69,13,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
    @=hex:03,71,c7,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
    @=hex:3e,f8,41,29,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
    @=hex:84,a1,83,25,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
    @=hex:56,73,92,27,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
    @=hex:1f,3e,9e,28,98,5d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-12 18:10:38
    ComboFix-quarantined-files.txt 2012-08-12 10:10
    ComboFix2.txt 2012-08-07 23:30
    ComboFix3.txt 2012-08-07 01:26
    .
    Pre-Run: 413,455,159,296 bytes free
    Post-Run: 413,666,299,904 bytes free
    .
    - - End Of File - - 972E3A562C4B145C532C9569BBEA6B80
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Update me on the status of the machine, how's it working, etc., please.
     
Topic Status:
Not open for further replies.
