Solved Sirfef.FC

Antij

ESET found this, with the infected file being "Services.exe" in at least one instance, and it is always trying to access system things like Svchost and taskman.

DNS and internet have been extremely flaky. 2 other people on my router - 1 has had trouble, 1 hasn't. As of around 11:30 PST DNS hasn't been able to resolve even though Pidgin was connecting, so I wonder if I was hit in that FBI DNS shutdown. Not sure because I have been having a ton of DNS issues anyway, so it all may be the big DNS thing or it may be independent. Now I can't get on Pidgin either even though Win7 says I have internet... it is fine on this old XP computer though.

Here is my log.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-07-2012 01
Ran by SYSTEM at 09-07-2012 01:04:44
Running from H:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "D:\Run\Tools\ESET\egui.exe" /hide /waitservice [x]
HKLM\...\Run: [UnlockerAssistant] "D:\Run\Tools\Unlocker\UnlockerAssistant.exe" [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [boincmgr] "D:\Run\Internet\BOINC\boincmgr.exe" /a /s [x]
HKLM\...\Run: [boinctray] "D:\Run\Internet\BOINC\boinctray.exe" [x]
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "D:\Run\Tools\Internet\Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKU\Bosh\...\Run: [SpybotSD TeaTimer] D:\Run\Tools\Spybot\TeaTimer.exe [x]
HKU\Bosh\...\Run: [TrueCrypt] "D:\Run\Tools\TC\TrueCrypt.exe" /q preferences /a logon /a favorites [x]
HKU\Bosh\...\Run: [MusicManager] "D:\Users\Bosh\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [x]
HKU\Bosh\...\Run: [Google Update] "D:\Users\Bosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-25] (Google Inc.)
HKU\Bosh\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Bosh\...\Run: [306E1B8E2C99E83119C42FCB48AAF71FCAC5BD78._service_run] "D:\Users\Bosh\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [x]
HKU\Bosh\...\Run: [DAEMON Tools Lite] "D:\Run\Tools\DAEMON Tools Pro\DTLite.exe" -autorun [x]
HKU\Bosh\...\Run: [iCloudServices] D:\Run\Internet\iCloud\iCloudServices.exe [x]
HKU\Bosh\...\Run: [ApplePhotoStreams] D:\Run\Internet\iCloud\ApplePhotoStreams.exe [x]
HKU\Bosh\...\Run: [com.apple.dav.bookmarks.daemon] D:\Run\Internet\iCloud\BookmarkDAV_client.exe [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli psqlpwd C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

================================ Services (Whitelisted) ==================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [804528 2011-02-01] (Acronis)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-05-25] (Acronis)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [775968 2012-02-01] (Broadcom Corporation.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 PanInstaller; C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe [234824 2011-04-12] ()
2 PanService; C:\Program Files\Palo Alto Networks\Pan Connect\PanService.exe [947528 2011-04-12] (Palo Alto Networks)
4 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
3 EhttpSrv; C:\Run\Tools\ESET\EHttpSrv.exe [x]
2 ekrn; C:\Run\Tools\ESET\ekrn.exe [x]
2 Hamachi2Svc; C:\Run\Tools\Internet\Hamachi\hamachi-2.exe -s [x]
4 NitroReaderDriverReadSpool; C:\Run\Internet\Nitro\NitroPDFReaderDriverService.exe [x]
3 SbieSvc; "C:\Run\Tools\Sandboxie\SbieSvc.exe" [x]
2 SBSDWSCService; C:\Run\Tools\Spybot\SDWinSec.exe [x]
4 WMPControllerService; "C:\Dell\Utilities\Dell Premium Remote Control\WMPControllerService.exe" [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\DRIVERS\afcdp.sys [167968 2011-05-25] (Acronis)
3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [522280 2012-02-27] (Broadcom Corporation.)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [66776 2011-08-10] (Citrix Systems, Inc.)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [134000 2010-12-21] (ESET)
3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33120 2010-12-21] (ESET)
2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [41336 2010-12-21] (ESET)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
3 PanSvd; C:\Windows\System32\DRIVERS\pansvd.sys [27136 2011-04-12] (Palo Alto Networks)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-03-03] (Duplex Secure Ltd.)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [752128 2011-05-25] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [600928 2011-05-25] (Acronis)
1 truecrypt; C:\Windows\System32\drivers\truecrypt.sys [231248 2011-05-25] (TrueCrypt Foundation)
3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [20480 2009-07-13] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 SbieDrv; \??\D:\Run\Tools\Sandboxie\SbieDrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-09 01:04 - 2012-07-09 01:04 - 00000000 ____D C:\FRST
2012-07-08 21:09 - 2011-05-25 00:16 - 00434608 ____A C:\Windows\System32\Drivers\etc\hosts.20120708-220900.backup
2012-07-08 20:35 - 2012-07-08 20:35 - 00001967 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2012-07-08 20:35 - 2012-07-08 20:35 - 00000000 ____D C:\Program Files\Canon
2012-07-08 20:35 - 2011-01-06 12:08 - 01310720 ____A (CANON INC.) C:\Windows\System32\CNC870C.dll
2012-07-08 20:35 - 2011-01-06 12:08 - 00110592 ____A (CANON INC.) C:\Windows\System32\CNC870I.dll
2012-07-08 20:35 - 2011-01-06 12:07 - 00102400 ____A (CANON INC.) C:\Windows\System32\CNC870U.dll
2012-07-08 20:35 - 2009-10-19 15:29 - 00307200 ____A (CANON INC.) C:\Windows\System32\CNC870L.dll
2012-07-08 20:35 - 2009-06-26 09:45 - 00015360 ____A C:\Windows\System32\CNC1743D.TBL
2012-07-08 20:35 - 2008-08-25 17:02 - 00015872 ____A (CANON INC.) C:\Windows\System32\CNHMCA.dll
2012-07-08 20:33 - 2012-07-08 20:33 - 00000000 ___HD C:\Program Files\CanonBJ
2012-07-08 20:33 - 2012-07-08 20:33 - 00000000 ____D C:\Windows\System32\STRING
2012-07-08 20:33 - 2012-07-08 20:33 - 00000000 ____D C:\Windows\System32\CHM
2012-07-08 20:33 - 2009-10-09 14:01 - 00354816 ____A (CANON INC.) C:\Windows\System32\CNMNPPM.DLL
2012-07-08 20:33 - 2009-10-09 14:01 - 00137216 ____A (CANON INC.) C:\Windows\System32\CNMNPUI.DLL
2012-06-28 20:00 - 2009-03-18 16:35 - 00026176 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2012-06-26 21:58 - 2012-06-26 21:58 - 00000000 ____D C:\Program Files\Common Files\Java
2012-06-26 21:57 - 2012-06-26 21:57 - 00000000 ____D C:\Program Files\Oracle
2012-06-26 21:57 - 2012-05-04 18:29 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-26 21:57 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-26 21:55 - 2012-06-26 21:55 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-21 10:14 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 10:14 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 10:14 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 10:14 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 10:14 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 10:14 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 10:14 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 10:14 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 10:14 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 22:50 - 2012-06-18 22:50 - 00000000 ____D C:\Users\All Users\Apple
2012-06-18 11:15 - 2012-05-15 01:28 - 03931456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-18 11:15 - 2012-05-15 01:28 - 02561344 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-06-18 11:15 - 2012-05-15 01:28 - 00645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-18 11:15 - 2012-05-15 01:28 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-18 11:15 - 2012-05-15 01:28 - 00062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-18 11:15 - 2012-05-15 01:27 - 02759488 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-18 11:11 - 2012-05-15 02:26 - 08105280 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 02368832 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-06-18 11:11 - 2012-05-15 02:26 - 00011190 ____A C:\Windows\System32\nvinfo.pb
2012-06-18 11:10 - 2012-06-18 11:10 - 00000000 ____D C:\NVIDIA
2012-06-18 10:57 - 2012-06-18 11:15 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-18 10:47 - 2012-07-08 21:00 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-18 10:47 - 2012-06-18 11:21 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-18 10:46 - 2012-06-21 12:19 - 00000000 ____D C:\Users\All Users\PCDr
2012-06-18 10:46 - 2012-06-18 10:46 - 00000000 ____D C:\Users\All Users\Dell
2012-06-18 10:45 - 2012-06-18 10:47 - 00000000 ____D C:\Program Files\Dell Support Center
2012-06-18 10:32 - 2012-06-18 10:32 - 00103784 ____A C:\Users\Bosh\GoToAssistDownloadHelper.exe

============ 3 Months Modified Files ========================

2012-07-09 00:00 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-09 00:00 - 2009-07-13 20:39 - 00089065 ____A C:\Windows\setupact.log
2012-07-08 23:20 - 2011-05-25 00:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000UA.job
2012-07-08 22:44 - 2011-05-25 00:01 - 01683143 ____A C:\Windows\WindowsUpdate.log
2012-07-08 21:20 - 2011-05-25 00:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000Core.job
2012-07-08 21:08 - 2009-07-13 20:34 - 00013808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 21:08 - 2009-07-13 20:34 - 00013808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 21:07 - 2011-05-25 00:04 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 21:00 - 2012-06-18 10:47 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-08 20:35 - 2012-07-08 20:35 - 00001967 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2012-06-26 21:56 - 2011-07-15 16:57 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-26 21:56 - 2011-07-15 16:57 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-20 11:54 - 2011-05-25 00:54 - 00028352 ____A C:\Windows\PFRO.log
2012-06-18 11:21 - 2012-06-18 10:47 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-18 10:32 - 2012-06-18 10:32 - 00103784 ____A C:\Users\Bosh\GoToAssistDownloadHelper.exe
2012-06-05 10:05 - 2009-07-13 20:33 - 04307016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-02 14:19 - 2012-06-21 10:14 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 10:14 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:14 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 10:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 10:14 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 10:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 10:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-21 10:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 11:34 - 2012-05-22 11:34 - 00060304 ____A C:\Users\Bosh\g2mdlhlpx.exe
2012-05-15 02:26 - 2012-06-18 11:11 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:26 - 2012-06-18 11:11 - 08105280 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 02368832 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-05-15 02:26 - 2012-06-18 11:11 - 00011190 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:26 - 2010-10-17 00:55 - 15322432 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-05-15 02:26 - 2010-10-17 00:55 - 00061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 01:28 - 2012-06-18 11:15 - 03931456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:28 - 2012-06-18 11:15 - 02561344 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:28 - 2012-06-18 11:15 - 00645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:28 - 2012-06-18 11:15 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:28 - 2012-06-18 11:15 - 00062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:27 - 2012-06-18 11:15 - 02759488 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-05-04 18:29 - 2012-06-26 21:57 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-04 18:29 - 2012-06-26 21:57 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-04 18:29 - 2011-07-15 16:57 - 00687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-04-26 19:08 - 2011-05-25 00:27 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-17 18:55 - 2011-05-25 00:12 - 00100944 ____A C:\Users\Bosh\AppData\Local\GDIPFONTCACHEV1.DAT

ZeroAccess:
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}\@
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}\L
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}\U
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}\U\00000001.@
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4094.06 MB
Available physical RAM: 3570.16 MB
Total Pagefile: 4092.34 MB
Available Pagefile: 3572.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.73 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:50.04 GB) (Free:12.84 GB) NTFS
3 Drive f: (Data) (Fixed) (Total:350 GB) (Free:34.72 GB) NTFS
4 Drive g: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:15.11 GB) (Free:15.1 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 50 GB 101 MB
Partition 3 Primary 350 GB 50 GB
Partition 0 Extended 65 GB 400 GB
Partition 4 Logical 65 GB 400 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 50 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Data NTFS Partition 350 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D RAW Partition 65 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 15 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:38

======================= End Of Log ==========================
 
DDS with Attach.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bosh at 1:51:26 on 2012-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3582.1632 [GMT -7:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\Run\Tools\ESET\ekrn.exe
D:\Run\Tools\Internet\Hamachi\hamachi-2.exe
C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe
C:\Program Files\Palo Alto Networks\Pan Connect\PanService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Run\Tools\ESET\egui.exe
D:\Run\Tools\Unlocker\UnlockerAssistant.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
D:\Run\Internet\BOINC\boincmgr.exe
D:\Run\Internet\BOINC\boinctray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Run\Tools\Internet\Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Run\Tools\Spybot\TeaTimer.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
D:\Run\Tools\TC\TrueCrypt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
D:\Users\Bosh\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Run\Tools\DAEMON Tools Pro\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Users\Bosh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
D:\Run\Internet\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\Run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86
D:\Run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Run\Internet\Pidgin\pidgin.exe
I:\3qe6v5bk.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] d:\run\tools\spybot\TeaTimer.exe
uRun: [TrueCrypt] "d:\run\tools\tc\TrueCrypt.exe" /q preferences /a logon /a favorites
uRun: [MusicManager] "d:\users\bosh\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [Google Update] "d:\users\bosh\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [306E1B8E2C99E83119C42FCB48AAF71FCAC5BD78._service_run] "d:\users\bosh\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [DAEMON Tools Lite] "d:\run\tools\daemon tools pro\DTLite.exe" -autorun
uRun: [iCloudServices] d:\run\internet\icloud\iCloudServices.exe
uRun: [ApplePhotoStreams] d:\run\internet\icloud\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] d:\run\internet\icloud\BookmarkDAV_client.exe
mRun: [egui] "d:\run\tools\eset\egui.exe" /hide /waitservice
mRun: [UnlockerAssistant] "d:\run\tools\unlocker\UnlockerAssistant.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [boincmgr] "d:\run\internet\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "d:\run\internet\boinc\boinctray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "d:\run\tools\internet\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
StartupFolder: d:\users\bosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - d:\users\bosh\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: d:\users\bosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24}\2456C6B696E6F5052756D2E4F5135383435363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24}\4414E4A594742333 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24}\449414055524C4943475946494 : DhcpNameServer = 205.171.2.65 205.171.3.65
TCP: Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli psqlpwd c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\bosh\appdata\roaming\mozilla\firefox\profiles\gaccxglw.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\run\create\npPicasa3.dll
FF - plugin: d:\run\entertainment\vlc\npvlc.dll
FF - plugin: d:\run\internet\firefaux\plugins\np-mswmp.dll
FF - plugin: d:\run\tools\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\run\tools\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\users\bosh\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-5-25 752128]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-8-10 66776]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe [2012-2-15 73728]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-5-25 3246040]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;d:\run\tools\eset\ekrn.exe [2011-1-12 810144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\run\tools\internet\hamachi\hamachi-2.exe -s --> d:\run\tools\internet\hamachi\hamachi-2.exe -s [?]
R2 PanInstaller;PanInstaller;c:\program files\palo alto networks\pan connect\PanInstaller.exe [2011-4-12 234824]
R2 PanService;PanService;c:\program files\palo alto networks\pan connect\PanService.exe [2011-4-12 947528]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-5-25 167968]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-1-10 522280]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-27 33832]
R3 PanSvd;Pan Virtual Miniport;c:\windows\system32\drivers\pansvd.sys [2011-4-12 27136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
S2 SBSDWSCService;SBSD Security Center Service;d:\run\tools\spybot\SDWinSec.exe [2011-5-25 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-2-7 11008]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SbieDrv;SbieDrv;d:\run\tools\sandboxie\SbieDrv.sys [2012-2-7 133392]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-25 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;d:\run\internet\nitro\NitroPDFReaderDriverService.exe [2010-9-30 196912]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 WMPControllerService;WMPControllerService;"c:\dell\utilities\dell premium remote control\wmpcontrollerservice.exe" --> c:\dell\utilities\dell premium remote control\WMPControllerService.exe [?]
.
=============== Created Last 30 ================
.
2012-07-09 09:04:20 -------- d-----w- C:\FRST
2012-07-09 04:35:09 -------- d-----w- c:\program files\Canon
2012-07-09 04:35:07 307200 ----a-w- c:\windows\system32\CNC870L.dll
2012-07-09 04:35:07 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-07-09 04:35:07 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2012-07-09 04:35:07 110592 ----a-w- c:\windows\system32\CNC870I.dll
2012-07-09 04:35:07 102400 ----a-w- c:\windows\system32\CNC870U.dll
2012-07-09 04:33:52 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL
2012-07-09 04:33:52 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2012-07-09 04:33:52 -------- d-----w- c:\windows\system32\STRING
2012-07-09 04:33:52 -------- d-----w- c:\windows\system32\CHM
2012-06-29 04:00:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-06-27 05:57:32 -------- d-----w- c:\program files\Oracle
2012-06-27 05:57:06 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-21 18:14:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:14:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:14:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 18:14:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:36:49 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5e19f662-7201-4466-ad15-d253f1dcbd58}\mpengine.dll
2012-06-19 07:01:23 -------- d-----w- d:\users\bosh\appdata\local\Apple Computer
2012-06-18 19:46:07 -------- d-----w- d:\users\bosh\appdata\roaming\NVIDIA
2012-06-18 19:15:15 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-18 19:15:15 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-06-18 19:15:15 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-18 19:15:15 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-06-18 19:15:15 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-18 19:15:15 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-18 19:11:49 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-06-18 19:11:49 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-06-18 19:11:49 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-06-18 19:11:49 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-18 19:11:49 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-18 19:11:49 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-06-18 19:11:49 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-06-18 19:11:49 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-18 19:11:48 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-06-18 19:11:48 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-18 19:10:56 -------- d-----w- C:\NVIDIA
2012-06-18 18:46:59 -------- d-----w- d:\users\bosh\appdata\roaming\Dell
2012-06-18 18:46:51 -------- d-----w- c:\programdata\PCDr
2012-06-18 18:45:56 -------- d-----w- c:\program files\Dell Support Center
2012-06-18 18:43:36 -------- d-----w- d:\users\bosh\appdata\roaming\PCDr
2012-06-18 18:32:19 103784 ----a-w- c:\users\bosh\GoToAssistDownloadHelper.exe
.
==================== Find3M ====================
.
2012-05-22 19:34:51 60304 ----a-w- c:\users\bosh\g2mdlhlpx.exe
2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 1:52:32.14 ===============
 
Attach.txt. Malwarebytes reported nothing, but it was 91 days out of date and I couldn't update because of no internet connection on that computer.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-09 03:43:21
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST95005620AS rev.SD24
Running: 3qe6v5bk.exe; Driver: C:\Temp\pxldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8304F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83088D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8CB9C089]
PAGE PCIIDEX.SYS!DllUnload 8CC7E606 5 Bytes JMP 86BB01C8
.text USBPORT.SYS!DllUnload 9308BDB9 5 Bytes JMP 85F4B410
.text ae8eljdw.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 9315A900 48 Bytes [03, 0D, 5D, 56, 1F, 54, F7, ...]
? C:\Windows\System32\Drivers\ae8eljdw.SYS suspicious PE modification
? C:\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[872] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text D:\Run\Tools\ESET\ekrn.exe[2096] kernel32.dll!SetUnhandledExceptionFilter 76D2F4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\Explorer.EXE[3524] SHELL32.dll!SHFileOperationW 76F396AE 5 Bytes JMP 04401102 D:\Run\Tools\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8CA89730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8CA89F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8CA8A232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8CA8A0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8CA89914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 51EC8B55
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 8B565351
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] FF560875
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] C0510815
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] 85D88B00
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] C2840FDB
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 57000000
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] 0068406A
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] FF000010
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 006A5073
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] 508415FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] F88B00C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 85FC7D89
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] 9E840FFF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 8B000000
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] A4F3544B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtFlushKey] 1443B70F
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 0653B70F
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 1818448D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] 8B0CC083
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareMemory] 08758B08
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeviceIoControlFile] 03FC7D8B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 8BF903F1
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] C083FC48
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] A4F34A28
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 758BE975
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 443D8BFC
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 2B00C051
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 458D0875
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] 056A50F8
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] 75FF016A
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] 85D7FFFC
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] EB2574C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] 04488B1D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 56F84D29
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite] 8B08508D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] FC450300
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 52F8C183
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 5051E9D1
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] 514015FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 7D8300C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] DD7500F8
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 50F8458D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 016A016A
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] FFFC75FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] 74C085D7
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 0C488D20
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] C085018B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] F18B1774
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 03FC4D8B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] 15FF50C1
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] [00C05080] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] 8B14C683
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] [75C08506] C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] FC458BEB
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] C95B5E5F
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 560004C2
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 7140BF57
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] 8B5700C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] 7C15FFF1
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 6A00C050
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] 3C83580F
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] C0715885
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindSetBits] 09740000
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInterlockedSetBitRun] 8548C88B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] EBEF75C9
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 85348907
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] [00C07158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 3415FF57
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] 5F00C050
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] 5756C35E
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] C07140BF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] F18B5700
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 507C15FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 0F6A00C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 85343958
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] [00C07158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] C88B0974
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSerializeBoot] 75C98548
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 8308EBF0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] 71588524
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 570000C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 503415FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 5E5F00C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 800068C3
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 006A0000
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 7815FF51
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 5000C050
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 513C15FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 55C300C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 5351EC8B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 35FF5756
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] [00C07198] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 513815FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 8D5900C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpReleaseWork] E8400044
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpPostWork] 00002B4C
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocWork] 75FFFC8B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] FC7D8908
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 719835FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] EC6800C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 5700C053
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 513415FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] DB3300C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 3910C483
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 6E7D085D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] FFF63357
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] C0507415
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 85F88B00
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] 8D3774FF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 6A500845
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] FF575602
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] C0513015
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 7CC08500
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] FF556A25
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] 15FFFC75
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpSetPoolMinThreads] [00C0512C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] C9335959
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] 08896657
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] FFFE1FE8
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 85D88BFF
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 8B0774DB
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] F72B0875
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] FF57F303
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] C0507015
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] 74F68500
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] FC4D8B53
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] C07084BA
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] 85D6FF00
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] 684575C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] 00008000
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] 15FF5350
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] [00C05078] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] 5D3936EB
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] BB31740C
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] [00C07140] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] 7C15FF53
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] BE00C050
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] [00C07194] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] C085068B
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocAlpcCompletion] 4D8B0774
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocPool] FFD78B08
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] 83C68BD0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] 583D04EE
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] 7500C071
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 15FF53E7
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] [00C05034] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] 5FF0658D
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] C2C95B5E
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 8B550008
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] B8EC81EC
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 53000008
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 0B6A5756
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsnicmp] 5420BE59
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] BD8D00C0
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] FFFFFF4C
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 526AA5F3
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] 858DFF33
IAT C:\Windows\system32\services.exe[872] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] FFFFFF78
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe[2304] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device 86BB51E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device 8AD6C1E8
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device 89E421E8
Device udfs.sys (UDF File System Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{99FC05CD-F391-4677-B30C-F534C5852BD5} 870AD1E8
Device \Driver\BTHUSB \Device\0000008e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{EE415505-B6F6-434A-907F-8DAFFCB30C24} 870AD1E8
Device 85F47430
Device 87152430
Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{337D7D88-22C5-4988-BCE9-14B2D752F9F9} 870AD1E8
Device volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 86EAC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86BB21E8
Device \Driver\atapi \Device\Ide\IdePort0 86BB21E8
Device \Driver\atapi \Device\Ide\IdePort1 86BB21E8
Device \Driver\atapi \Device\Ide\IdePort2 86BB21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 86BB21E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86EAC1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDECBA8B-4F6B-4849-9972-B6F82D2B25B7} 870AD1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{74EBBAC0-9843-436F-8963-CB0C14693055} 870AD1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 870AD1E8
Device \Driver\USBSTOR \Device\000000a9 89E411E8
Device \Driver\USBSTOR \Device\000000aa 89E411E8
Device \Driver\usbuhci \Device\USBFDO-0 85F47430
Device \Driver\usbuhci \Device\USBFDO-1 85F47430
Device \Driver\PCI_PNP1396 \Device\0000006e sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP1396 \Device\0000006e sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbehci \Device\USBFDO-2 87152430
Device \Driver\usbuhci \Device\USBFDO-3 85F47430
Device \Driver\NetBT \Device\NetBT_Tcpip_{2DFA2D49-8F47-478B-B8A0-DE33CE680E91} 870AD1E8
Device \Driver\usbuhci \Device\USBFDO-4 85F47430
Device \Driver\usbuhci \Device\USBFDO-5 85F47430
Device \Driver\usbehci \Device\USBFDO-6 87152430
Device \Driver\BTHUSB \Device\0000008c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\ae8eljdw \Device\Scsi\ae8eljdw1 873F21E8
Device \Driver\ae8eljdw \Device\Scsi\ae8eljdw1Port3Path0Target0Lun0 873F21E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272ac537c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272ac537c@001f8229b3ed 0x35 0x68 0x5F 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272ac537c@001f8229a96b 0x47 0x9A 0x0F 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9e6351f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9e6351f@40fc890889e2 0x00 0x09 0x6B 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9e6351f@001f8229a96b 0xB8 0xF0 0x55 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x41 0x55 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Run\Tools\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x7F 0xCE 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0xDD 0x37 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272ac537c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272ac537c@001f8229b3ed 0x35 0x68 0x5F 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272ac537c@001f8229a96b 0x47 0x9A 0x0F 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9e6351f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9e6351f@40fc890889e2 0x00 0x09 0x6B 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9e6351f@001f8229a96b 0xB8 0xF0 0x55 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0x41 0x55 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Run\Tools\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x7F 0xCE 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0xDD 0x37 0xF3 ...

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

Please observe forum rules:
All required logs have to be PASTED. Attached logs will NOT be reviewed.

If a log or logs exceed the limit for one reply, you may use more than one reply. The above rule will be strictly enforced.

Pasted logs can be handled more easily and faster by the malware helper.
So please paste the Attach.txt log.

=======================================

Next...

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 
Ok. Attach.txt first. Farbar as soon as it's done.

.---------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/25/2011 1:00:58 AM
System Uptime: 7/9/2012 1:06:23 AM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 12.711 GiB free.
D: is FIXED (NTFS) - 350 GiB total, 34.712 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_413C&PID_8145\5&2F6E3144&0&4
Manufacturer:
Name:
PNP Device ID: USB\VID_413C&PID_8145\5&2F6E3144&0&4
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\8&34A8C67B&0&40FC890889E2_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\8&34A8C67B&0&40FC890889E2_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\8&34A8C67B&0&40FC890889E2_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\8&34A8C67B&0&40FC890889E2_C00000000
Service:
.
==== System Restore Points ===================
.
RP111: 5/25/2012 10:59:20 AM - Scheduled Checkpoint
RP112: 6/1/2012 11:42:14 PM - Scheduled Checkpoint
RP113: 6/5/2012 10:31:50 AM - Windows Update
RP114: 6/5/2012 11:08:11 AM - Windows Update
RP115: 6/5/2012 11:10:14 AM - Windows Update
RP116: 6/14/2012 3:50:56 AM - Scheduled Checkpoint
RP117: 6/18/2012 11:45:10 AM - Installed Dell Support Center
RP118: 6/18/2012 11:54:54 PM - Installed iCloud
RP119: 6/19/2012 3:35:57 AM - Windows Update
RP120: 6/21/2012 11:14:23 AM - Windows Update
RP121: 6/26/2012 10:56:05 PM - Installed Java(TM) 7 Update 5
RP122: 6/26/2012 10:57:15 PM - Installed JavaFX 2.1.1
RP123: 7/4/2012 5:47:35 AM - Scheduled Checkpoint
RP124: 7/9/2012 12:15:26 AM - Removed Apple Application Support
.
==== Installed Programs ======================
.
.
µTorrent
7-Zip 9.20
Acronis True Image Home 2011
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5 Master Collection
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Widget Browser
Aimersoft Audio Converter(Build 1.1.52)
Aimersoft DVD Creator(Build 1.1.52)
Aimersoft DVD Ripper(Build 1.1.52)
Aimersoft DVD Studio Pack(Build 1.1.52)
Aimersoft Video Converter(Build 1.1.52)
AnswerWorks 5.0 English Runtime
AxCrypt 1.7.2867.0
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG6100 series MP Drivers
Canon MX870 series MP Drivers
CCleaner
CDBurnerXP
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CutePDF Writer 2.8
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell Support Center
Dell Touchpad
DestroyTwitter 2
Dropbox
Duplicate Cleaner 2.0.6
ESET Smart Security
Everything 1.2.1.371
Fingerprint Reader Suite 5.6
FreeUndelete 2.0.35248.1
Google Chrome
GoToAssist Corporate
GoToMeeting 5.1.0.880
HP Drive Key Boot Utility
HP USB Disk Storage Format Tool
Image Resizer Powertoy Clone for Windows
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 7 Update 5
JavaFX 2.1.1
Laptop Integrated Webcam Driver (1.04.01.1011)
LogMeIn Hamachi
MediaMonkey 3.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MusicBrainz Picard
NetConnect
NetConnect Installer
Nitro PDF Reader
NTFS Undelete v0.94
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
Online Plug-in
Opera Next 12.00 alpha build 1191
Opera Next 12.00 alpha build 1306
PDF Settings CS5
Picasa 3
Pidgin
Portal 2
Quicken 2012
Recuva
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
RMPrepUSB
Sandboxie 3.54 (32-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sideload Wonder Machine
SigmaTel Audio
Spybot - Search & Destroy
Steam
TeraCopy 2.2 beta 3
Terraria 1.1.2
TrueCrypt
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wwiiper
TweetDeck
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
WIDCOMM Bluetooth Software
WinDirStat 1.1.2
Windows 7 USB/DVD Download Tool
WinRAR 4.01 (32-bit)
World Community Grid
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 1:09:09 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/9/2012 1:09:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/9/2012 1:07:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/9/2012 1:07:04 AM, Error: Service Control Manager [7003] - The epfwwfp service depends the following service: BFE. This service might not be installed.
7/9/2012 1:06:57 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/9/2012 1:06:54 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/9/2012 1:06:54 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/9/2012 1:06:53 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/4/2012 11:47:56 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================
 
Farbar Recovery Scan Tool Version: 08-07-2012 01
Ran by SYSTEM at 2012-07-09 10:52:21
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
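The search above was requested so the two copies of services.exe could be compared: the WinSxS component-store copy and the live System32 copy have the same size and timestamps but different MD5 hashes. The parser below is an added example (not FRST's code and not posted by anyone in this thread) that reads the Search.txt format shown above, pairs each live copy with the component-store copies of the same file name, and flags a live copy whose hash matches none of them. The sample input is constructed from the two entries in the log above and embedded inline.

```python
"""Flag a System32 binary whose hash differs from its WinSxS copy.

Added example for the FRST Search.txt format shown in the thread; it is
not part of FRST.  The sample below is constructed from the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the two services.exe entries from Search.txt.
SEARCH_TXT = """\
Farbar Recovery Scan Tool Version: 08-07-2012 01
Ran by SYSTEM at 2012-07-09 10:52:21
Running from H:\\
================== Search: "services.exe" ===================
C:\\Windows\\winsxs\\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\\Windows\\System32\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileHit:
    path: str
    size: int
    company: str
    md5: str


def parse_search(text):
    """Return one FileHit per path/detail line pair in a Search.txt."""
    lines = [ln.rstrip("\r\n") for ln in text.splitlines()]
    hits = []
    i = 0
    while i < len(lines) - 1:
        detail = DETAIL_RE.match(lines[i + 1])
        if PATH_RE.match(lines[i]) and detail:
            hits.append(FileHit(lines[i], int(detail["size"]),
                                detail["company"], detail["md5"].upper()))
            i += 2
        else:
            i += 1
    return hits


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def find_mismatches(hits):
    """Pair each live (non-WinSxS) copy with the component-store copies
    of the same file name; report those whose MD5 matches none of them.
    Each finding is (live_path, live_md5, [reference_md5, ...])."""
    by_name = {}
    for h in hits:
        by_name.setdefault(h.path.rsplit("\\", 1)[-1].lower(), []).append(h)
    findings = []
    for group in by_name.values():
        refs = [h for h in group if is_winsxs(h.path)]
        if not refs:
            continue  # nothing to compare against
        for h in group:
            if is_winsxs(h.path):
                continue
            if not any(r.md5 == h.md5 for r in refs):
                findings.append((h.path, h.md5, [r.md5 for r in refs]))
    return findings


if __name__ == "__main__":
    for path, md5, refs in find_mismatches(parse_search(SEARCH_TXT)):
        print(f"MISMATCH {path} md5={md5} winsxs={','.join(refs)}")
```

A live copy whose hash matches no component-store copy deserves a closer look; when size and timestamps are identical, as they are here, the file has been altered in place, which is exactly the pattern the fix in this thread repairs by copying the WinSxS version back over System32.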
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-07-2012 01
Ran by SYSTEM at 2012-07-09 16:38:43 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{72c25dc5-dc4e-ca0f-08b4-af45d073eab5} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
I manually disabled ESET, ran ComboFix, then ESET asked me if I really wanted to close it (I believe ComboFix tried to kill it because I don't usually get that prompt). I agreed, but then ComboFix said ESET was still running. I tried disabling again and told Combofix to continue. CF said ESET was STILL running but would proceed anyway. It appeared to be closed but ekrn.exe was still running. I tried to kill the process and service manually but was denied access. Right clicking the icon before CF killed it always said that the AV/FW/Malware stuff was disabled.
ComboFix 12-07-08.02 - Bosh 07/09/2012 16:53:02.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3582.2262 [GMT -7:00]
Running from: I:\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bosh\g2mdlhlpx.exe
c:\users\Bosh\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\etc\hosts.txt
d:\docs\~calendar.pst.tmp
d:\docs\~WRL0100.tmp
d:\docs\~WRL0374.tmp
d:\docs\~WRL0566.tmp
d:\docs\~WRL0616.tmp
d:\docs\~WRL0651.tmp
d:\docs\~WRL0840.tmp
d:\docs\~WRL1427.tmp
d:\docs\~WRL1443.tmp
d:\docs\~WRL2932.tmp
d:\run\TEMP\~DFA23D05169F4BCF45.TMP
d:\run\TEMP\~DFB2D0C791B5C08BD4.TMP
d:\run\TEMP\0C5WZS53.txt
d:\run\TEMP\0CHZCR4I.txt
d:\run\TEMP\0E2OJJBP.txt
d:\run\TEMP\0FCQRP0A.txt
d:\run\TEMP\0FY1T92K.txt
d:\run\TEMP\0HA615BR.txt
d:\run\TEMP\0JBMZ1MS.txt
d:\run\TEMP\0KO6I6OJ.txt
d:\run\TEMP\0ODD0TGX.txt
d:\run\TEMP\0QDY81LD.txt
d:\run\TEMP\0TTMQTNK.txt
d:\run\TEMP\0W44QJJX.txt
d:\run\TEMP\0X5VBB8V.txt
d:\run\TEMP\119ROR6L.txt
d:\run\TEMP\180KZZ88.txt
d:\run\TEMP\19KO1OUQ.txt
d:\run\TEMP\19TZI923.txt
d:\run\TEMP\1A5J1YDT.txt
d:\run\TEMP\1GV5CO09.txt
d:\run\TEMP\1HHYY4NW.txt
d:\run\TEMP\1HWUQCA1.txt
d:\run\TEMP\1K452HCQ.txt
d:\run\TEMP\1NLHUHQ4.txt
d:\run\TEMP\1T9XCRYD.txt
d:\run\TEMP\1TK1E6YN.txt
d:\run\TEMP\1TOOR1XW.txt
d:\run\TEMP\1W2QCJHW.txt
d:\run\TEMP\1XGTZRH3.txt
d:\run\TEMP\1YDNVDDZ.txt
d:\run\TEMP\1YE0HYL9.txt
d:\run\TEMP\1Z0ETGDG.txt
d:\run\TEMP\22RWH1WX.txt
d:\run\TEMP\242ERIJB.txt
d:\run\TEMP\24BXKM4H.txt
d:\run\TEMP\25EYNTM2.txt
d:\run\TEMP\26IXC4HM.txt
d:\run\TEMP\274VMJYH.txt
d:\run\TEMP\29UNKAQ7.txt
d:\run\TEMP\2D1Y67UO.txt
d:\run\TEMP\2D9SBCT6.txt
d:\run\TEMP\2ECC.tmp
d:\run\TEMP\2FXY583E.txt
d:\run\TEMP\2LV61IV5.txt
d:\run\TEMP\2MKUN0GR.txt
d:\run\TEMP\2NAWA2MM.txt
d:\run\TEMP\2OX6M3VT.txt
d:\run\TEMP\2S1G908V.txt
d:\run\TEMP\2SKZBXZC.txt
d:\run\TEMP\2T06ZGXI.txt
d:\run\TEMP\2UHK90BU.txt
d:\run\TEMP\2W0FR8RC.txt
d:\run\TEMP\31CM23UN.txt
d:\run\TEMP\31RBWRBF.txt
d:\run\TEMP\33PRRWRY.txt
d:\run\TEMP\35PYE6TK.txt
d:\run\TEMP\362410JH.txt
d:\run\TEMP\36W7S00E.txt
d:\run\TEMP\374IKA03.txt
d:\run\TEMP\39F9E2VP.txt
d:\run\TEMP\3B5CPSRD.txt
d:\run\TEMP\3BVV9OTZ.txt
d:\run\TEMP\3CKQHRNM.txt
d:\run\TEMP\3DDQLEKZ.txt
d:\run\TEMP\3HID1238.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 00:01 . 2012-07-10 00:01  --------  d-----w-  d:\users\Bosh\AppData\Local\temp
2012-07-09 09:04 . 2012-07-09 09:04  --------  d-----w-  C:\FRST
2012-07-09 08:54 . 2012-07-09 08:54  --------  d-----w-  d:\users\Bosh\AppData\Roaming\Malwarebytes
2012-07-09 08:54 . 2012-07-09 08:54  --------  d-----w-  c:\programdata\Malwarebytes
2012-07-09 08:54 . 2012-04-04 22:56  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-09 04:35 . 2012-07-09 04:35  --------  d-----w-  c:\program files\Canon
2012-07-09 04:35 . 2011-01-06 20:08  1310720  ----a-w-  c:\windows\system32\CNC870C.dll
2012-07-09 04:35 . 2011-01-06 20:08  110592  ----a-w-  c:\windows\system32\CNC870I.dll
2012-07-09 04:35 . 2011-01-06 20:07  102400  ----a-w-  c:\windows\system32\CNC870U.dll
2012-07-09 04:35 . 2009-10-19 23:29  307200  ----a-w-  c:\windows\system32\CNC870L.dll
2012-07-09 04:35 . 2008-08-26 01:02  15872  ----a-w-  c:\windows\system32\CNHMCA.dll
2012-07-09 04:33 . 2012-07-09 04:33  --------  d-----w-  c:\windows\system32\STRING
2012-07-09 04:33 . 2012-07-09 04:33  --------  d-----w-  c:\windows\system32\CHM
2012-07-09 04:33 . 2009-10-09 22:01  137216  ----a-w-  c:\windows\system32\CNMNPUI.DLL
2012-07-09 04:33 . 2009-10-09 22:01  354816  ----a-w-  c:\windows\system32\CNMNPPM.DLL
2012-06-29 04:00 . 2009-03-19 00:35  26176  ---ha-w-  c:\windows\system32\hamachi.sys
2012-06-27 05:58 . 2012-06-27 05:58  --------  d-----w-  c:\program files\Common Files\Java
2012-06-27 05:57 . 2012-06-27 05:57  --------  d-----w-  c:\program files\Oracle
2012-06-27 05:57 . 2012-05-05 02:29  772504  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-06-27 05:55 . 2012-06-27 05:55  --------  d-----w-  c:\programdata\McAfee
2012-06-21 18:14 . 2012-06-02 22:19  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-21 18:14 . 2012-06-02 22:19  45080  ----a-w-  c:\windows\system32\wups2.dll
2012-06-21 18:14 . 2012-06-02 22:19  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-21 18:14 . 2012-06-02 22:12  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-21 18:14 . 2012-06-02 22:19  35864  ----a-w-  c:\windows\system32\wups.dll
2012-06-21 18:14 . 2012-06-02 22:19  577048  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-21 18:14 . 2012-06-02 22:12  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-21 18:14 . 2012-06-02 20:19  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-21 18:14 . 2012-06-02 20:12  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-19 10:36 . 2012-05-31 03:41  6762896  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E19F662-7201-4466-AD15-D253F1DCBD58}\mpengine.dll
2012-06-19 07:01 . 2012-06-20 19:58  --------  d-----w-  d:\users\Bosh\AppData\Local\Apple Computer
2012-06-19 06:55 . 2012-07-09 07:15  --------  d-----w-  d:\users\Bosh\AppData\Roaming\Apple Computer
2012-06-19 06:50 . 2012-06-19 06:50  --------  d-----w-  c:\programdata\Apple
2012-06-18 19:46 . 2012-06-18 19:46  --------  d-----w-  d:\users\Bosh\AppData\Roaming\NVIDIA
2012-06-18 19:15 . 2012-05-15 09:28  2561344  ----a-w-  c:\windows\system32\nvsvcr.dll
2012-06-18 19:15 . 2012-05-15 09:28  645440  ----a-w-  c:\windows\system32\nvvsvc.exe
2012-06-18 19:15 . 2012-05-15 09:28  62272  ----a-w-  c:\windows\system32\nvshext.dll
2012-06-18 19:15 . 2012-05-15 09:28  108352  ----a-w-  c:\windows\system32\nvmctray.dll
2012-06-18 19:15 . 2012-05-15 09:28  3931456  ----a-w-  c:\windows\system32\nvcpl.dll
2012-06-18 18:46 . 2012-06-18 18:46  --------  d-----w-  d:\users\Bosh\AppData\Roaming\Dell
2012-06-18 18:46 . 2012-06-21 20:19  --------  d-----w-  c:\programdata\PCDr
2012-06-18 18:46 . 2012-06-18 18:46  --------  d-----w-  c:\programdata\Dell
2012-06-18 18:45 . 2012-06-18 18:47  --------  d-----w-  c:\program files\Dell Support Center
2012-06-18 18:43 . 2012-06-18 18:43  --------  d-----w-  d:\users\Bosh\AppData\Roaming\PCDr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:26 . 2010-10-17 08:55  61248  ----a-w-  c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2010-10-17 08:55  15322432  ----a-w-  c:\windows\system32\nvd3dum.dll
2012-05-05 02:29 . 2011-07-16 00:57  687504  ----a-w-  c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49  94208  ----a-w-  d:\users\Bosh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49  94208  ----a-w-  d:\users\Bosh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49  94208  ----a-w-  d:\users\Bosh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50  2957312  ----a-w-  c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50  2957312  ----a-w-  c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="d:\run\Tools\TC\TrueCrypt.exe" [2011-05-25 1496528]
"MusicManager"="d:\users\Bosh\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"306E1B8E2C99E83119C42FCB48AAF71FCAC5BD78._service_run"="d:\users\Bosh\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
"DAEMON Tools Lite"="d:\run\Tools\DAEMON Tools Pro\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\run\Tools\ESET\egui.exe" [2011-01-12 2219184]
"UnlockerAssistant"="d:\run\Tools\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"boincmgr"="d:\run\Internet\BOINC\boincmgr.exe" [2010-09-24 4543232]
"boinctray"="d:\run\Internet\BOINC\boinctray.exe" [2010-09-24 58112]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="d:\run\Tools\Internet\Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
.
d:\users\Bosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - d:\users\Bosh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1102624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-06-18 18:32  13672  ----a-w-  c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04  86528  ----a-w-  c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli psqlpwd c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^Users^Bosh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=d:\users\Bosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-02-02 02:53  390720  ----a-w-  c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 15:46  499608  ----a-w-  c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 14:08  1523360  ----a-w-  c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57  406992  ----a-w-  c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-04-05 23:46  288040  ----a-w-  c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54  91520  ----a-w-  c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]
2009-03-13 01:18  602624  ----a-w-  d:\run\Tools\Everything\Everything.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-09 01:06  136176  ----a-w-  d:\users\Bosh\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-10 08:01  36864  ----a-w-  c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 05:50  49168  ----a-w-  c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-02-07 23:11  451856  ----a-w-  d:\run\Tools\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2010-11-16 10:52  2536448  ----a-w-  c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07  252296  ----a-w-  c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37  517096  ----a-w-  c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-02-02 02:52  5546376  ----a-w-  d:\run\Tools\AcronisTrueImage\TrueImageMonitor.exe
.
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;d:\run\Internet\Nitro\NitroPDFReaderDriverService.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 WMPControllerService;WMPControllerService;c:\dell\Utilities\Dell Premium Remote Control\WMPControllerService.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;d:\run\Tools\ESET\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\run\Tools\Internet\Hamachi\hamachi-2.exe [x]
S2 PanInstaller;PanInstaller;c:\program files\Palo Alto Networks\Pan Connect\PanInstaller.exe [x]
S2 PanService;PanService;c:\program files\Palo Alto Networks\Pan Connect\PanService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;d:\run\Tools\Spybot\SDWinSec.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 PanSvd;Pan Virtual Miniport;c:\windows\system32\DRIVERS\pansvd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000Core.job
- d:\users\Bosh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 01:06]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000UA.job
- d:\users\Bosh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 01:06]
.
2012-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
2012-07-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - d:\users\Bosh\AppData\Roaming\Mozilla\Firefox\Profiles\gaccxglw.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-iCloudServices - d:\run\Internet\iCloud\iCloudServices.exe
HKCU-Run-ApplePhotoStreams - d:\run\Internet\iCloud\ApplePhotoStreams.exe
HKCU-Run-com.apple.dav.bookmarks.daemon - d:\run\Internet\iCloud\BookmarkDAV_client.exe
MSConfigStartUp-DAEMON Tools Pro Agent - d:\run\Tools\DAEMON Tools Pro\DTAgent.exe
MSConfigStartUp-DellRemote - c:\dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
MSConfigStartUp-Steam - d:\run\Games\Steam\Steam.exe
AddRemove-Terraria 1.1.2 - c:\program files\Terraria\Uninstall.exe
AddRemove-uTorrent - h:\run\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:63,75,c8,97,be,57,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(3804)
d:\users\Bosh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
d:\run\Internet\BOINC\boinc.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\sppsvc.exe
d:\run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86
c:\windows\system32\conhost.exe
d:\run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-07-09 17:05:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 00:05
.
Pre-Run: 14,314,889,216 bytes free
Post-Run: 14,127,820,800 bytes free
.
- - End Of File - - 7B7CEC7C245A39144FFFA291A6CD9435
 
Looks good :)

Any current issues?

=====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Internet is working again after going dark around 11pm PST last night.

ESET Smart Scan (instructed not to fix anything) only shows Sirefef in C:\FRST\Quarantine.
 
PART 1

OTL logfile created on: 7/9/2012 6:01:46 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Users\Bosh\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 19.08% Memory free
6.99 Gb Paging File | 2.27 Gb Available in Paging File | 32.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.04 Gb Total Space | 13.24 Gb Free Space | 26.46% Space Free | Partition Type: NTFS
Drive D: | 350.00 Gb Total Space | 41.84 Gb Free Space | 11.96% Space Free | Partition Type: NTFS
Drive F: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 14.90 Gb Total Space | 10.90 Gb Free Space | 73.17% Space Free | Partition Type: FAT32

Computer Name: B0SH | User Name: Bosh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 17:59:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Users\Bosh\Desktop\OTL.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- D:\Run\Tools\Internet\Hamachi\hamachi-2-ui.exe
PRC - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- D:\Run\Tools\Internet\Hamachi\hamachi-2.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- D:\Users\Bosh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/15 02:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 02:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- D:\Run\Security\Malwarebytes\mbam.exe
PRC - [2012/03/25 21:28:40 | 000,049,340 | ---- | M] (The Pidgin developer community) -- D:\Run\Internet\Pidgin\pidgin.exe
PRC - [2012/02/26 11:15:17 | 006,006,784 | ---- | M] (New York University Center For Comparative Functional Genomics in collaboration with the University of Washington and IBM Corporation) -- D:\Run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86
PRC - [2012/02/26 07:13:12 | 001,462,784 | ---- | M] () -- D:\Run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86
PRC - [2012/02/13 01:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- D:\Run\Tools\DAEMON Tools Pro\DTLite.exe
PRC - [2012/02/01 19:31:28 | 001,102,624 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2012/02/01 19:31:28 | 000,775,968 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2012/02/01 19:31:26 | 003,720,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/08/11 11:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/08/11 11:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/19 17:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/25 06:08:04 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/05/25 01:14:50 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- D:\Run\Tools\TC\TrueCrypt.exe
PRC - [2011/04/12 14:43:52 | 000,947,528 | ---- | M] (Palo Alto Networks) -- C:\Program Files\Palo Alto Networks\Pan Connect\PanService.exe
PRC - [2011/04/12 14:43:20 | 000,234,824 | ---- | M] () -- C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/01 19:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- D:\Run\Tools\ESET\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- D:\Run\Tools\ESET\egui.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/23 19:59:44 | 004,543,232 | ---- | M] (World Community Grid) -- D:\Run\Internet\BOINC\boincmgr.exe
PRC - [2010/09/23 19:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- D:\Run\Internet\BOINC\boinctray.exe
PRC - [2010/09/23 19:59:40 | 000,537,344 | ---- | M] (World Community Grid) -- D:\Run\Internet\BOINC\boinc.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Run\Tools\Spybot\SDWinSec.exe
PRC - [2008/02/15 19:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe
PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/03/25 21:28:42 | 000,036,068 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\xmppdisco.dll
MOD - [2012/03/25 21:28:42 | 000,030,333 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\xmppconsole.dll
MOD - [2012/03/25 21:28:42 | 000,023,455 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\winprefs.dll
MOD - [2012/03/25 21:28:42 | 000,022,901 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\win2ktrans.dll
MOD - [2012/03/25 21:28:40 | 000,338,072 | ---- | M] () -- D:\Run\Internet\Pidgin\libjabber.dll
MOD - [2012/03/25 21:28:40 | 000,302,791 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libmsn.dll
MOD - [2012/03/25 21:28:40 | 000,256,529 | ---- | M] () -- D:\Run\Internet\Pidgin\liboscar.dll
MOD - [2012/03/25 21:28:40 | 000,194,434 | ---- | M] () -- D:\Run\Internet\Pidgin\libymsg.dll
MOD - [2012/03/25 21:28:40 | 000,184,224 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libgg.dll
MOD - [2012/03/25 21:28:40 | 000,149,384 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libsilc.dll
MOD - [2012/03/25 21:28:40 | 000,121,476 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libmxit.dll
MOD - [2012/03/25 21:28:40 | 000,096,443 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libsametime.dll
MOD - [2012/03/25 21:28:40 | 000,092,138 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libnovell.dll
MOD - [2012/03/25 21:28:40 | 000,088,548 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libmyspace.dll
MOD - [2012/03/25 21:28:40 | 000,079,922 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libirc.dll
MOD - [2012/03/25 21:28:40 | 000,073,584 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libbonjour.dll
MOD - [2012/03/25 21:28:40 | 000,063,229 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\spellchk.dll
MOD - [2012/03/25 21:28:40 | 000,045,348 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libsimple.dll
MOD - [2012/03/25 21:28:40 | 000,039,509 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\log_reader.dll
MOD - [2012/03/25 21:28:40 | 000,024,487 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\themeedit.dll
MOD - [2012/03/25 21:28:40 | 000,024,106 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\ticker.dll
MOD - [2012/03/25 21:28:40 | 000,023,390 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\pidginrc.dll
MOD - [2012/03/25 21:28:40 | 000,022,335 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\notify.dll
MOD - [2012/03/25 21:28:40 | 000,019,854 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\ssl-nss.dll
MOD - [2012/03/25 21:28:40 | 000,019,058 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\convcolors.dll
MOD - [2012/03/25 21:28:40 | 000,018,502 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libyahoo.dll
MOD - [2012/03/25 21:28:40 | 000,017,951 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\timestamp_format.dll
MOD - [2012/03/25 21:28:40 | 000,017,519 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libxmpp.dll
MOD - [2012/03/25 21:28:40 | 000,014,951 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libyahoojp.dll
MOD - [2012/03/25 21:28:40 | 000,014,905 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\markerline.dll
MOD - [2012/03/25 21:28:40 | 000,014,619 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\autoaccept.dll
MOD - [2012/03/25 21:28:40 | 000,013,589 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\timestamp.dll
MOD - [2012/03/25 21:28:40 | 000,013,528 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\history.dll
MOD - [2012/03/25 21:28:40 | 000,012,665 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\idle.dll
MOD - [2012/03/25 21:28:40 | 000,012,177 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\joinpart.dll
MOD - [2012/03/25 21:28:40 | 000,011,669 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\offlinemsg.dll
MOD - [2012/03/25 21:28:40 | 000,011,163 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libicq.dll
MOD - [2012/03/25 21:28:40 | 000,010,860 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\extplacement.dll
MOD - [2012/03/25 21:28:40 | 000,010,624 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\statenotify.dll
MOD - [2012/03/25 21:28:40 | 000,010,232 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\libaim.dll
MOD - [2012/03/25 21:28:40 | 000,010,203 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\sendbutton.dll
MOD - [2012/03/25 21:28:40 | 000,010,075 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\relnot.dll
MOD - [2012/03/25 21:28:40 | 000,010,026 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\psychic.dll
MOD - [2012/03/25 21:28:40 | 000,009,126 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\newline.dll
MOD - [2012/03/25 21:28:40 | 000,008,793 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/03/25 21:28:40 | 000,007,899 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\buddynote.dll
MOD - [2012/03/25 21:28:40 | 000,007,511 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\iconaway.dll
MOD - [2012/03/25 21:28:40 | 000,007,162 | ---- | M] () -- D:\Run\Internet\Pidgin\plugins\ssl.dll
MOD - [2012/03/25 21:28:36 | 000,582,656 | ---- | M] () -- D:\Run\Internet\Pidgin\exchndl.dll
MOD - [2012/03/25 21:28:36 | 000,475,580 | ---- | M] () -- D:\Run\Internet\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/03/25 21:26:20 | 000,417,501 | ---- | M] () -- D:\Run\Internet\Pidgin\sqlite3.dll
MOD - [2012/03/25 21:26:16 | 002,719,062 | ---- | M] () -- D:\Run\Internet\Pidgin\libsilc-1-1-2.dll
MOD - [2012/03/25 21:26:16 | 001,206,642 | ---- | M] () -- D:\Run\Internet\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/03/25 21:26:14 | 000,173,805 | ---- | M] () -- D:\Run\Internet\Pidgin\libmeanwhile-1.dll
MOD - [2012/03/25 21:26:04 | 001,213,633 | ---- | M] () -- D:\Run\Internet\Pidgin\libxml2-2.dll
MOD - [2012/02/26 07:13:12 | 001,462,784 | ---- | M] () -- D:\Run\Internet\BOINC\data\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86
MOD - [2011/09/22 19:03:57 | 000,904,525 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2011/09/22 19:03:57 | 000,482,872 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2011/09/22 19:03:57 | 000,279,059 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2011/09/22 19:03:57 | 000,219,305 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2011/09/22 19:03:57 | 000,143,096 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2011/09/22 19:03:57 | 000,095,189 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2011/09/22 19:03:57 | 000,090,496 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2011/09/22 19:03:57 | 000,055,808 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\zlib1.dll
MOD - [2011/09/22 19:03:56 | 000,535,264 | ---- | M] () -- D:\Run\Internet\Pidgin\Gtk\bin\freetype6.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- D:\Run\Tools\Unlocker\UnlockerHook.dll
MOD - [2009/08/18 13:02:42 | 000,061,952 | ---- | M] () -- D:\Run\Internet\BOINC\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Dell\Utilities\Dell Premium Remote Control\WMPControllerService.exe -- (WMPControllerService)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- D:\Run\Tools\Internet\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/18 11:32:23 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/02/07 16:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- D:\Run\Tools\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/02/01 19:31:28 | 000,775,968 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/25 06:08:04 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/05/25 02:27:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/12 14:43:52 | 000,947,528 | ---- | M] (Palo Alto Networks) [Auto | Running] -- C:\Program Files\Palo Alto Networks\Pan Connect\PanService.exe -- (PanService)
SRV - [2011/04/12 14:43:20 | 000,234,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Palo Alto Networks\Pan Connect\PanInstaller.exe -- (PanInstaller)
SRV - [2011/02/01 19:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Run\Tools\ESET\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Run\Tools\ESET\ekrn.exe -- (ekrn)
SRV - [2010/09/30 14:01:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- D:\Run\Internet\Nitro\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/09/10 16:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Run\Tools\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (auqcrd5e)
DRV - [2012/07/09 18:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/05/15 03:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/03/03 20:05:31 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/07 16:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- D:\Run\Tools\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/08/10 22:20:24 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011/05/25 06:08:04 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/05/25 06:08:00 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/05/25 06:07:57 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/05/25 06:07:52 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/05/25 01:14:50 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/04/12 14:42:58 | 000,027,136 | ---- | M] (Palo Alto Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pansvd.sys -- (PanSvd)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Users\Bosh\Desktop\DCIM
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 A7 7A 90 EA AB CC 01 [binary data]
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\..\SearchScopes,DefaultScope = {30B1B7D1-9B11-4D56-BCC2-4D6895FD3707}
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\..\SearchScopes\{30B1B7D1-9B11-4D56-BCC2-4D6895FD3707}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
PART 2 OTL

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Run\Create\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Run\Entertainment\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Bosh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Bosh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Run\Internet\Failfox\components [2011/12/27 15:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Run\Internet\Failfox\plugins [2011/12/27 15:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Run\Tools\ESET\Mozilla Thunderbird [2011/05/25 04:05:28 | 000,000,000 | ---D | M]

[2011/11/19 12:56:15 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Bosh\AppData\Roaming\Mozilla\Extensions
[2012/02/08 16:20:19 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Bosh\AppData\Roaming\Mozilla\Firefox\Profiles\gaccxglw.default\extensions
[2011/11/19 12:58:57 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Users\Bosh\AppData\Roaming\Mozilla\Firefox\Profiles\gaccxglw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/08 16:20:20 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Bosh\AppData\Roaming\Mozilla\Firefox\Profiles\gaccxglw.default\extensions\staged
[2011/11/19 12:59:54 | 000,131,843 | ---- | M] () (No name found) -- D:\USERS\BOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GACCXGLW.DEFAULT\EXTENSIONS\{95C9A302-8557-4052-91B7-2BB6BA33C885}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Users\Bosh\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Citrix ICA Client (Enabled) = D:\Run\Internet\Failfox\plugins\npicaN.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Run\Tools\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = D:\Run\Tools\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = D:\Run\Create\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Run\Entertainment\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = D:\Users\Bosh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: RapidShare Extension for Google Chrome™ = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnniagnighkjjnaebfggchaaagfjocb\2.2_0\
CHR - Extension: QR-Code Tag Extension = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfddoencoiedfjgepnlhcpfikgaogdg\0.7.9_0\
CHR - Extension: Video Downloader - All videos from all sites = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdglijkhmmniffomkalmhiplpfoofplo\1.1_0\
CHR - Extension: Autoplayer for Mafia Wars (Facebook) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgagpckjofhomehafhognmangbjdiaap\3.0.96_0\
CHR - Extension: Add to Amazon Wish List = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: RapidShare Auto-Downloader = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcngaibjigkbcpniopoogeojkjljfpil\3.0.1_0\
CHR - Extension: IBA Opt-out (by Google) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_0\
CHR - Extension: Select and Speak = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn\0.1.8_0\
CHR - Extension: The Camelizer = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\1.5_0\
CHR - Extension: AdBlock = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: FB MafiaWars Addon = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidacfabgnpddbiiaplgdpnbeegooihd\2.9.51_1\
CHR - Extension: goo.gl URL Shortener = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Google Voice (by Google) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: InstallFree Nexus with Microsoft Office = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkbdmlhfkcpbokoofbgohenkmpohfnpe\1.0.3_0\
CHR - Extension: TweetDeck Launcher = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk\1.0_0\
CHR - Extension: JDownloader Integration for Google Chrome™ = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm\1.2.3_0\
CHR - Extension: MegaUpload DownloadHelper = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekjckogogidfhpejjmaaekecplpdcg\1.2_0\
CHR - Extension: Boomerang for Gmail = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkdbdadolokifeomchamhifddohomii\1.0_0\
CHR - Extension: Chrome Speak = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgpmlgbbboameedkldbfbhoigbabcbhk\1.2_0\
CHR - Extension: Personal Blocklist (by Google) = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.3_0\
CHR - Extension: Face Book Mafia Gift Acceptor = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\oagdpocbmcbhfomikopeabjeahenmmio\0.10.143_0\
CHR - Extension: Microformats for Google Chrome™ = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl\0.4.11_0\
CHR - Extension: SpeakIt! = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak\0.2.5_0\
CHR - Extension: Evernote Web Clipper = D:\Users\Bosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\

O1 HOSTS File: ([2012/07/09 17:02:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [boincmgr] D:\Run\Internet\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] D:\Run\Internet\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [egui] D:\Run\Tools\ESET\egui.exe (ESET)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Run\Tools\Internet\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] D:\Run\Tools\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000..\Run: [DAEMON Tools Lite] D:\Run\Tools\DAEMON Tools Pro\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000..\Run: [MusicManager] D:\Users\Bosh\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000..\Run: [TrueCrypt] D:\Run\Tools\TC\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE415505-B6F6-434A-907F-8DAFFCB30C24}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 02:26:40 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 17:59:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/09 17:59:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Users\Bosh\Desktop\OTL.exe
[2012/07/09 17:05:22 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Local\temp
[2012/07/09 17:05:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/09 17:02:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/09 16:51:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/09 16:51:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/09 16:51:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/09 16:48:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/09 16:48:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/09 02:04:20 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/09 01:54:22 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\Malwarebytes
[2012/07/09 01:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sec
[2012/07/09 01:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/09 01:54:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/08 21:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/07/08 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/07/08 21:35:07 | 001,310,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870C.dll
[2012/07/08 21:35:07 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870L.dll
[2012/07/08 21:35:07 | 000,110,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870I.dll
[2012/07/08 21:35:07 | 000,102,400 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870U.dll
[2012/07/08 21:35:07 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2012/07/08 21:33:52 | 000,354,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL
[2012/07/08 21:33:52 | 000,137,216 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL
[2012/07/08 21:33:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2012/07/08 21:33:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\CHM
[2012/07/08 21:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series
[2012/07/08 21:33:23 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/07/08 15:09:35 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/06/30 02:21:20 | 000,000,000 | ---D | C] -- D:\Users\Bosh\Desktop\Corporate Espionage
[2012/06/28 21:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2012/06/28 21:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2012/06/26 22:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/26 22:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/26 22:57:06 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/26 22:57:06 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/26 22:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/21 11:14:50 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 11:14:50 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 11:14:43 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 11:14:43 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 11:14:43 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 11:14:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 11:14:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/21 00:17:57 | 000,000,000 | ---D | C] -- D:\Users\Bosh\Desktop\docsoh
[2012/06/19 00:01:23 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Local\Apple Computer
[2012/06/18 23:55:31 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\Apple Computer
[2012/06/18 23:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/18 12:46:07 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\NVIDIA
[2012/06/18 12:15:15 | 003,931,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/06/18 12:15:15 | 002,759,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/06/18 12:15:15 | 002,561,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012/06/18 12:15:15 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/06/18 12:15:15 | 000,062,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/06/18 12:11:49 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/06/18 12:11:49 | 011,354,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/06/18 12:11:49 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/06/18 12:11:49 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/06/18 12:11:49 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/06/18 12:11:49 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/06/18 12:11:49 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/06/18 12:11:49 | 000,883,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/06/18 12:11:48 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/06/18 12:11:48 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/06/18 12:10:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/06/18 11:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/06/18 11:48:24 | 000,000,000 | ---D | C] -- D:\Users\Bosh\Desktop\DCIM
[2012/06/18 11:46:59 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\Dell
[2012/06/18 11:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/06/18 11:46:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/06/18 11:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/06/18 11:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/06/18 11:43:36 | 000,000,000 | ---D | C] -- D:\Users\Bosh\AppData\Roaming\PCDr

========== Files - Modified Within 30 Days ==========

[2012/07/09 18:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/09 17:59:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Users\Bosh\Desktop\OTL.exe
[2012/07/09 17:23:17 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/09 17:20:51 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000UA.job
[2012/07/09 17:10:35 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 17:10:35 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 17:06:23 | 000,663,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 17:06:23 | 000,122,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/09 17:02:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/09 17:02:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/07/09 17:02:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 17:01:57 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/09 05:01:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/07/09 05:01:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/07/09 01:54:18 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 00:15:06 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/07/08 22:55:19 | 000,367,934 | ---- | M] () -- D:\Users\Bosh\Desktop\****EVERY****INGTHING************.pdf
[2012/07/08 22:20:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537561138-1596547413-242098265-1000Core.job
[2012/07/08 21:35:10 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/07/05 07:00:59 | 000,096,721 | ---- | M] () -- D:\Users\Bosh\Desktop\AuntClaireBday7-5-12.pdf
[2012/06/28 22:18:46 | 000,001,276 | ---- | M] () -- D:\Users\Bosh\Desktop\Bluetooth Software - Shortcut.lnk
[2012/06/26 22:56:40 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/26 22:56:40 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/19 22:40:21 | 000,084,550 | ---- | M] () -- D:\Users\Bosh\Desktop\Hydraulic rotary pumps-hIL.pdf
[2012/06/18 12:21:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/18 11:48:30 | 006,105,008 | ---- | M] () -- D:\Users\Bosh\Desktop\R182249.exe

========== Files Created - No Company Name ==========

[2012/07/09 16:51:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/09 16:51:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/09 16:51:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/09 16:51:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/09 16:51:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/09 05:00:30 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/07/09 05:00:30 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/07/09 01:54:18 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 22:55:48 | 000,367,934 | ---- | C] () -- D:\Users\Bosh\Desktop\****EVERY****INGTHING************.pdf
[2012/07/08 21:35:10 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/07/08 21:35:07 | 000,015,360 | ---- | C] () -- C:\Windows\System32\CNC1743D.TBL
[2012/07/05 07:01:26 | 000,096,721 | ---- | C] () -- D:\Users\Bosh\Desktop\AuntClaireBday7-5-12.pdf
[2012/06/28 22:18:46 | 000,001,276 | ---- | C] () -- D:\Users\Bosh\Desktop\Bluetooth Software - Shortcut.lnk
[2012/06/19 22:40:20 | 000,084,550 | ---- | C] () -- D:\Users\Bosh\Desktop\Hydraulic rotary pumps-hIL.pdf
[2012/06/18 12:11:49 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/06/18 11:48:30 | 006,105,008 | ---- | C] () -- D:\Users\Bosh\Desktop\R182249.exe
[2012/06/18 11:47:02 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/18 11:47:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/21 02:27:37 | 000,000,600 | ---- | C] () -- D:\Users\Bosh\AppData\Local\PUTTY.RND
[2011/10/14 22:34:48 | 000,000,116 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/08/18 23:59:17 | 000,000,132 | ---- | C] () -- D:\Users\Bosh\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/25 05:22:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/25 03:50:48 | 000,001,658 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/25 01:25:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/05/09 22:36:30 | 000,007,599 | ---- | C] () -- D:\Users\Bosh\AppData\Local\Resmon.ResmonCfg
[2011/05/05 02:40:59 | 000,001,456 | ---- | C] () -- D:\Users\Bosh\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/11 02:02:23 | 000,003,584 | ---- | C] () -- D:\Users\Bosh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 332 bytes -> D:\Users\Bosh\Desktop\JR Explains Internet.jpg:com.dropbox.attributes

< End of report >
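Two things in the OTL log above are worth checking mechanically rather than by eye: the O6 policy lines show UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), and the O17 lines show which DNS servers DHCP handed out, which is the quick way to answer the DNSChanger question raised at the top of the thread. The script below is an added example, not part of the original post or of OTL; the sample lines are copied from the log above, and the rogue ranges are the six blocks the FBI published for the DNSChanger servers taken down in July 2012 (verify against the published list before relying on them). The expected UAC values are the Windows 7 defaults.

```python
"""Triage OTL O6 (policies\\System) and O17 (DhcpNameServer) lines."""
import ipaddress
import re

# Constructed input: O6/O17 lines copied from the posted OTL log.
SAMPLE_LOG = """\
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: PromptOnSecureDesktop = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: DisableCAD = 1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{EE415505-B6F6-434A-907F-8DAFFCB30C24}: DhcpNameServer = 192.168.1.1 68.238.64.12
"""

# Rogue resolver ranges from the FBI DNSChanger (Operation Ghost Click) advisory.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

# Windows 7 defaults for the UAC policy values OTL reports under O6.
UAC_EXPECTED = {
    "EnableLUA": "1",                   # 0 = UAC off entirely
    "ConsentPromptBehaviorAdmin": "5",  # 0 = admins elevate silently, no prompt
    "PromptOnSecureDesktop": "1",       # 0 = prompts (if any) not on the secure desktop
}

O6_RE = re.compile(r"^O6 - .*policies\\System: (\w+) = (\d+)$")
O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")


def parse_uac(log_text):
    """Return {policy_name: value} for every O6 policies\\System line."""
    found = {}
    for line in log_text.splitlines():
        m = O6_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def uac_findings(log_text):
    """Readable findings for each UAC value that differs from the Win7 default."""
    values = parse_uac(log_text)
    return [f"{name} = {values[name]} (expected {want})"
            for name, want in UAC_EXPECTED.items()
            if name in values and values[name] != want]


def parse_dns_servers(log_text):
    """Set of DNS server addresses named on any O17 DhcpNameServer line."""
    servers = set()
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            try:
                servers.add(ipaddress.ip_address(token))
            except ValueError:
                pass  # skip anything that is not an IP literal
    return servers


def rogue_dns_servers(log_text):
    """Configured DNS servers that fall inside a DNSChanger range, sorted."""
    return sorted(ip for ip in parse_dns_servers(log_text)
                  if any(ip in net for net in DNSCHANGER_RANGES))


if __name__ == "__main__":
    print("UAC findings:", uac_findings(SAMPLE_LOG) or "none")
    print("DNS servers:", sorted(str(ip) for ip in parse_dns_servers(SAMPLE_LOG)))
    print("DNSChanger hits:", [str(ip) for ip in rogue_dns_servers(SAMPLE_LOG)] or "none")
```

Run against the posted lines it reports three UAC deviations and no DNSChanger hit: 192.168.1.1 is the router and 68.238.64.12 is outside all six rogue blocks, so the flaky DNS is not explained by the FBI takedown. Feeding it a log whose O17 line points at, say, 85.255.112.36 would return that address as a hit.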
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.09.14
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bosh :: B0SH [administrator]
7/9/2012 6:00:57 PM
mbam-log-2012-07-09 (18-00-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233107
Time elapsed: 5 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (auqcrd5e)
    O15 - HKU\S-1-5-21-2537561138-1596547413-242098265-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    @Alternate Data Stream - 332 bytes -> D:\Users\Bosh\Desktop\JR Explains Internet.jpg:com.dropbox.attributes
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
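The OTL line above removes an alternate data stream named com.dropbox.attributes from a JPEG on the Desktop. That particular stream name is metadata Dropbox attaches to synced files, so it is housekeeping rather than a malware find; the reason an ADS is worth looking at is that anything, including a whole executable, can be parked in one without ever showing up in Explorer. The script below is an added example and is not code from this thread or from OTL: it walks a folder, lists every named stream, peeks at the first bytes, and flags streams that start with a PE header while separating a short list of stream names that legitimate software writes (that list is an assumption; extend it for your own environment). It needs PowerShell 3.0 or later for Get-Item -Stream (Windows 7 ships with 2.0; Windows Management Framework 3.0 adds it), and -Encoding Byte is Windows PowerShell syntax (PowerShell 7 uses -AsByteStream).

```powershell
# Added example, not part of the thread: list NTFS alternate data streams
# under a folder and flag the ones worth a second look.
# Needs PowerShell 3.0+ for Get-Item -Stream. '-Encoding Byte' is Windows
# PowerShell syntax; PowerShell 7 uses -AsByteStream instead.
param(
    [string]$Path = "$env:USERPROFILE\Desktop",
    [int]$PreviewBytes = 64
)

# Stream names that legitimate software writes routinely (assumption; extend
# for your environment). 'com.dropbox.attributes' is the stream OTL removed
# above: Dropbox sync metadata, not a malware artifact.
$KnownBenign = @(
    'Zone.Identifier',         # mark-of-the-web written by browsers and mail clients
    'com.dropbox.attributes',  # Dropbox sync metadata
    'com.apple.ResourceFork',  # resource fork of files copied from macOS
    'SmartScreen'              # Windows SmartScreen reputation tag
)

function Get-AdsReport {
    param([string]$Root, [int]$Preview, [string[]]$Benign)

    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # ':$DATA' is the file's own unnamed data stream; everything else is an ADS.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $stream = $_
            $head = @(Get-Content -LiteralPath $file.FullName -Stream $stream.Stream `
                        -Encoding Byte -TotalCount $Preview -ErrorAction SilentlyContinue)
            # A PE image ('MZ' header) parked in a stream is the classic abuse: it is
            # invisible in Explorer but can still be launched by tools that accept
            # a file:stream path.
            $isPe = ($head.Count -ge 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            if     ($isPe)                            { $verdict = 'SUSPICIOUS: PE header' }
            elseif ($Benign -contains $stream.Stream) { $verdict = 'known benign' }
            else                                      { $verdict = 'review' }
            [pscustomobject]@{
                File    = $file.FullName
                Stream  = $stream.Stream
                Bytes   = $stream.Length
                Verdict = $verdict
            }
        }
    }
}

$report = Get-AdsReport -Root $Path -Preview $PreviewBytes -Benign $KnownBenign
$report | Sort-Object Verdict -Descending | Format-Table -AutoSize

# To look at one stream before deciding (Format-Hex needs PowerShell 5.0+):
#   Get-Content -LiteralPath '<file>' -Stream '<name>' -Encoding Byte | Format-Hex
# To remove it once you are sure:
#   Remove-Item -LiteralPath '<file>' -Stream '<name>'
```

Streams are only sampled for the first few bytes, so a PE with a stripped header or a plain script in a stream lands in the "review" bucket rather than "SUSPICIOUS"; size plus an unfamiliar name is usually enough to decide which ones to dump in full.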
 
Checkup

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Smart Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
CCleaner
Duplicate Cleaner 2.0.6
JavaFX 2.1.1
Java(TM) 6 Update 26
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player (10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Spybot Teatimer.exe is disabled!
``````````End of Log```````````
 
All processes killed
========== OTL ==========
Error: No service named auqcrd5e was found to stop!
Service\Driver key auqcrd5e not found.
Registry key HKEY_USERS\S-1-5-21-2537561138-1596547413-242098265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
ADS D:\Users\Bosh\Desktop\JR Explains Internet.jpg:com.dropbox.attributes deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bosh

User: Default

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 49554 bytes
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Bosh

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bosh

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07092012_191334

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


 
Farbar Service Scanner Version: 08-07-2012
Ran by Bosh (administrator) on 09-07-2012 at 19:18:18
Running from "I:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
 
Scanning Report

Monday, July 9, 2012 19:43:20 - 19:45:52

Computer name: B0SH
Scanning type: Quick scan
Target: System

No malware found

Statistics

Scanned:
  • Files: 4550
  • System: 4550
  • Not scanned: 0
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0

Options

Scanning engines:
 
Uninstall:
JavaFX 2.1.1
Java(TM) 6 Update 26

===============================

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

================================

We have one corrupted registry key affecting Windows Update.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.
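What FSS flagged in the first log ("Unable to retrieve start type of BITS. The value does not exist.") is a deleted Start value under HKLM\SYSTEM\CurrentControlSet\Services\BITS: the ImagePath and ServiceDll were intact, but without a Start value the Service Control Manager never starts the service, so Windows Update silently stops working. The bits.reg step above is the thread's fix for that. The script below is an added example, not code from this thread or from FSS: run from an elevated Windows PowerShell prompt, it re-reads the same three things FSS checks (Start, ImagePath, Parameters\ServiceDll) for BITS and wuauserv, reports the current service state, and with -Repair writes a missing or wrong Start value back. The expected values are the Windows 7 defaults as assumed here, not something taken from the thread; compare them against a known-good machine before trusting a "WRONG" verdict on ImagePath or ServiceDll, which the script deliberately does not overwrite.

```powershell
# Added example, not part of the thread: re-check the Windows Update service
# keys that FSS reports on and, with -Repair, restore a missing/wrong Start.
# Run from an elevated Windows PowerShell prompt (PowerShell 3.0+).
param([switch]$Repair)

# Windows 7 defaults (assumption). Start: 2 = Automatic, 3 = Manual, 4 = Disabled.
$Expected = @(
    @{ Name = 'BITS';     Start = 2
       ImagePath  = '%SystemRoot%\System32\svchost.exe -k netsvcs'
       ServiceDll = '%SystemRoot%\System32\qmgr.dll' },
    @{ Name = 'wuauserv'; Start = 2
       ImagePath  = '%SystemRoot%\system32\svchost.exe -k netsvcs'
       ServiceDll = '%SystemRoot%\system32\wuaueng.dll' }
)

function Test-ServiceKey {
    param([hashtable]$Spec, [switch]$Fix)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Spec.Name)"
    $out = [ordered]@{ Service = $Spec.Name; Start = 'ok'; ImagePath = 'ok'
                       ServiceDll = 'ok'; State = 'unknown' }

    if (-not (Test-Path -LiteralPath $key)) {
        $out.Start      = 'KEY MISSING'
        $out.ImagePath  = 'KEY MISSING'
        $out.ServiceDll = 'KEY MISSING'
        return [pscustomobject]$out
    }

    # Get-ItemProperty expands REG_EXPAND_SZ values, so expand the expected ones too.
    $props    = Get-ItemProperty -LiteralPath $key
    $expImage = [Environment]::ExpandEnvironmentVariables($Spec.ImagePath)
    $expDll   = [Environment]::ExpandEnvironmentVariables($Spec.ServiceDll)

    # A deleted Start value is exactly what FSS reported for BITS: the SCM cannot
    # read a start type, so the service never starts. That is what bits.reg repairs.
    if ($null -eq $props.Start) {
        $out.Start = 'MISSING'
    } elseif ($props.Start -ne $Spec.Start) {
        $out.Start = "WRONG ($($props.Start))"
    }
    if ($props.ImagePath -ne $expImage) { $out.ImagePath = "WRONG ($($props.ImagePath))" }

    $dll = (Get-ItemProperty -LiteralPath "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll -ne $expDll) { $out.ServiceDll = "WRONG ($dll)" }

    if ($Fix -and $out.Start -ne 'ok') {
        # Only Start is auto-repaired. A wrong ImagePath/ServiceDll means some other
        # binary owns this service and needs a look, not a blind overwrite.
        if ($out.Start -eq 'MISSING') {
            New-ItemProperty -LiteralPath $key -Name Start -PropertyType DWord `
                             -Value $Spec.Start -Force | Out-Null
        } else {
            Set-ItemProperty -LiteralPath $key -Name Start -Value $Spec.Start -Type DWord
        }
        $out.Start = "repaired -> $($Spec.Start)"
    }

    $svc = Get-Service -Name $Spec.Name -ErrorAction SilentlyContinue
    if ($svc) { $out.State = $svc.Status }
    [pscustomobject]$out
}

$Expected | ForEach-Object { Test-ServiceKey -Spec $_ -Fix:$Repair } | Format-Table -AutoSize
```

A "Stopped" state with everything else "ok" is not by itself a problem (the second FSS log in this thread shows wuauserv stopped with a correct configuration, and updates still work); the state column is there so you can tell a service that is merely idle from one that cannot start because its key is damaged. After a repair, reboot and re-run FSS as the thread does, since the SCM reads these keys at boot.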
 
Ha, almost reinfected my machine with adware with that big green Download Now! button in the 404techsupport.com post. Have just been clicking and installing the numerous programs without checking them out. OK... here's FSS now.

Farbar Service Scanner Version: 08-07-2012
Ran by Bosh (administrator) on 09-07-2012 at 21:03:20
Running from "I:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
By the way thanks so much for fixing my computer and for the help. You are awesome. Threw a tip your way via PayPal (though you deserve a bigger one).
H
 
I don't recall NOT being able to access them (had access at least as late as 6/21), but they are functional now, yes.
 