Win64/Patched.A infecting Windows\System32\services.exe

Solved
By Holden75
Oct 27, 2012
  1. Hi!
    I am running Windows 7 64-bit and the Win64/Patched.A virus hit my services.exe. Please help me remove it. Thank you.
  2. Jay Pfoutz

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to get the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type services.exe into the "Search:" text box and press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, along with the Search.txt log file; please copy and paste both logs in your reply.
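    Added example (not part of the thread and not FRST's own code): a PowerShell script that does, from an elevated prompt on the running system, what the FRST "Search file(s)" step does for services.exe. It lists every copy under the Windows directory (the live System32 copy plus the pristine copies Windows keeps in WinSxS), hashes each one, reads its Authenticode status, and flags a live copy whose hash matches none of the WinSxS copies, which is what a patched system binary looks like. It assumes the standard C:\Windows layout; the file name and search root are parameters.

```powershell
# Cross-check every copy of services.exe under %SystemRoot% against each other.
# Run as Administrator. Searching WinSxS takes a minute or two.
param(
    [string]$FileName   = 'services.exe',
    [string]$SearchRoot = $env:SystemRoot      # usually C:\Windows
)

function Get-Sha256Hex {
    # .NET hashing so the script also works on PowerShell 2.0 (no Get-FileHash there).
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $fs.Close()
        $sha.Clear()
    }
}

# 1. Every copy of the file under the search root (System32, SysWOW64, WinSxS, ...).
$copies = Get-ChildItem -Path $SearchRoot -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    New-Object PSObject -Property @{
        Path      = $f.FullName
        Size      = $f.Length
        Modified  = $f.LastWriteTimeUtc
        Sha256    = Get-Sha256Hex -Path $f.FullName
        SigStatus = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$report | Sort-Object Path | Format-Table Path, Size, Modified, SigStatus, Sha256 -AutoSize

# 2. Odd one out: a patched binary carries a hash that no WinSxS copy shares.
$livePath = Join-Path $env:SystemRoot "System32\$FileName"
$live     = $report | Where-Object { $_.Path -ieq $livePath } | Select-Object -First 1
$winsxs   = @($report | Where-Object { $_.Path -like "$env:SystemRoot\winsxs\*" })

if ($live -and $winsxs.Count -gt 0) {
    $match = @($winsxs | Where-Object { $_.Sha256 -eq $live.Sha256 })
    if ($match.Count -gt 0) {
        Write-Host "Live $FileName matches $($match.Count) WinSxS copy(ies): SHA256 $($live.Sha256)"
    } else {
        Write-Warning "Live $FileName matches NO copy in WinSxS; treat it as possibly patched and compare sizes/dates above."
    }
}

# 3. Authoritative check through System File Checker, which verifies the catalog
#    signature. Catalog-signed OS files report SigStatus NotSigned on PowerShell
#    older than 5.1, so that status alone is not evidence of tampering.
if ($live) {
    & sfc.exe "/VERIFYFILE=$($live.Path)"
}
```

    The hash table is the part to compare with FRST's Search.txt: the helper is looking for the same thing, a live services.exe whose size or hash disagrees with every backup copy.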
  3. Holden75

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
    Ran by SYSTEM at 27-10-2012 20:08:17
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-25] (Logitech, Inc.)
    HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Sean\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
    HKU\Sean\...\Run: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-10] (Google Inc.)
    HKU\Sean\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
    HKU\Sean\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
    HKU\Sean\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
    ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
    Startup: C:\Users\Sean\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-11-10] ()
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    3 TotRec8; C:\Windows\System32\Drivers\TotRec8.sys [121424 2010-10-14] (High Criteria inc.)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-27 17:12 - 2012-10-27 17:12 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_181254.mbf
    2012-10-27 17:11 - 2012-10-27 17:11 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_181116.mbf
    2012-10-27 15:37 - 2012-10-27 17:26 - 00000962 ____A C:\Windows\setupact.log
    2012-10-27 15:37 - 2012-10-27 15:37 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-27 14:04 - 2012-10-27 14:04 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-27 14:04 - 2012-10-27 14:04 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
    2012-10-27 14:04 - 2012-10-27 14:04 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-27 14:04 - 2012-10-27 14:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-27 14:04 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-27 14:02 - 2012-10-27 14:02 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Sean\Desktop\mbam-setup-1.65.1.1000 (1).exe
    2012-10-27 13:39 - 2012-10-27 13:39 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_143950.mbf
    2012-10-27 13:29 - 2012-10-27 13:30 - 03555328 ____A C:\Users\Sean\Documents\My Money2.mny
    2012-10-27 13:28 - 2012-10-27 13:24 - 03383296 ____A C:\Users\Sean\Documents\My Money1.M16
    2012-10-27 13:27 - 2012-10-27 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Money Plus
    2012-10-27 13:23 - 2012-10-27 13:29 - 03555328 ____A C:\Users\Sean\Documents\My Money1.mny
    2012-10-27 13:22 - 2010-11-10 18:35 - 03432448 ____A C:\Users\Sean\Documents\My Money.M15
    2012-10-27 13:10 - 2012-10-27 13:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-27 12:49 - 2012-10-27 12:49 - 00000000 ____D C:\Users\Sean\AppData\Local\{49A9F989-D182-403C-9945-84E4203B2F53}
    2012-10-27 10:20 - 2012-10-27 10:21 - 00000000 ____D C:\Users\Sean\Downloads\Microsoft.Money.Plus.Home.And.Business.2008.Retail-NoPE
    2012-10-26 20:01 - 2012-10-26 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-26 17:05 - 2012-10-26 17:10 - 00000000 ____D C:\Users\Sean\Downloads\ExploitedTeens.12.10.26.XXX.WMV-KTR
    2012-10-24 17:15 - 2012-10-24 17:15 - 00000000 ____D C:\Users\Sean\AppData\Local\{0001F02C-B141-40B5-9C39-B868DA3FFD48}
    2012-10-23 22:16 - 2012-10-23 22:17 - 00000000 ____D C:\Users\Sean\AppData\Local\{6920D2A3-9C1F-4152-82D8-FF14A4954F97}
    2012-10-23 06:37 - 2012-10-23 06:37 - 00000000 ____D C:\Users\Sean\AppData\Local\{D274FBCF-F083-4D14-B672-7F12F837624B}
    2012-10-22 06:44 - 2012-10-22 06:45 - 00000000 ____D C:\Users\Sean\AppData\Local\{6D607E8C-8C69-4988-9E5A-C0B7032B5E66}
    2012-10-21 13:19 - 2012-10-21 13:19 - 00000000 ____D C:\Users\Sean\AppData\Local\{F2889EF9-9D8B-48AF-B534-84C314FD7F24}
    2012-10-21 10:21 - 2012-09-24 22:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-21 10:21 - 2012-09-24 22:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-21 10:21 - 2012-09-24 22:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-10-21 10:19 - 2012-10-21 10:21 - 00004090 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-20 13:29 - 2012-10-20 13:30 - 00000000 ____D C:\Users\Sean\AppData\Local\{E3BBB0F3-4683-49E2-83A9-7FB6BA5F3511}
    2012-10-18 07:32 - 2012-10-18 07:32 - 00000000 ____D C:\Users\Sean\AppData\Local\{B9A39449-E37E-49FF-B9E6-B2DB7E048C44}
    2012-10-17 13:06 - 2012-10-17 15:08 - 734001152 ____A C:\Users\Sean\Downloads\Under Lock And Key.avi
    2012-10-17 11:58 - 2012-10-17 11:58 - 00000000 ____D C:\Users\Sean\AppData\Local\{F62DB327-3AC7-4D6C-B4EB-B565F3781E91}
    2012-10-16 23:08 - 2012-10-16 23:09 - 00000000 ____D C:\Users\Sean\AppData\Local\{C7E8AE2F-E07B-4C9D-AC5C-5C99A70A69DC}
    2012-10-16 07:22 - 2012-10-16 07:22 - 00000000 ____D C:\Users\Sean\AppData\Local\{F2D55AEE-E630-46AE-B58F-EEEABDF1D340}
    2012-10-15 16:51 - 2012-10-15 16:51 - 00001257 ____A C:\Users\Public\Desktop\Quest for Glory II.lnk
    2012-10-15 16:51 - 2012-10-15 16:51 - 00000000 ____D C:\Program Files (x86)\AGD Interactive
    2012-10-15 16:16 - 2012-10-15 16:17 - 00000000 ____D C:\Users\Sean\AppData\Local\{C232BC84-F2D1-4A68-9107-9F4D25D0A615}
    2012-10-14 11:49 - 2012-10-14 11:49 - 00000000 ____D C:\Users\Sean\AppData\Local\{95A3438A-08DA-4509-B891-E6905D51D964}
    2012-10-13 09:48 - 2012-10-13 09:48 - 00000000 ____D C:\Users\Sean\AppData\Local\{3038EDA7-5FF9-455E-BA41-51FA1B43376E}
    2012-10-11 11:04 - 2012-10-11 11:05 - 00000000 ____D C:\Users\Sean\AppData\Local\{09B8EC12-6601-40CD-81B1-19017696EC42}
    2012-10-11 08:11 - 2012-10-11 08:20 - 622587574 ____A C:\Users\Sean\Downloads\mshfstacimichael_720.mp4
    2012-10-10 22:59 - 2012-10-10 22:59 - 00000000 ____D C:\Users\Sean\AppData\Local\{C87460A4-145C-4DD9-A5E5-02253BAA2D82}
    2012-10-10 22:48 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 22:48 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 22:48 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 22:48 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 22:48 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 22:48 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 22:48 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 22:48 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 22:48 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 22:48 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 22:48 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 22:47 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 22:47 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-10-10 22:47 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-10-10 22:47 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-10-10 22:47 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-10-10 22:47 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-10-10 09:22 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 09:22 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 09:22 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 09:22 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 09:22 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 09:22 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 09:22 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 09:22 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 09:22 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 09:21 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 09:21 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 09:21 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 09:21 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 09:21 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 09:21 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 21:41 - 2012-10-09 21:42 - 00000000 ____D C:\Users\Sean\AppData\Local\{E4639812-3E6F-455A-A2D0-94F39396E124}
    2012-10-08 16:37 - 2012-10-08 16:37 - 00000000 ____D C:\Users\Sean\AppData\Local\{0AE78E0D-582F-4DEC-B1DB-C1C92A873676}
    2012-10-07 13:28 - 2012-10-07 13:57 - 00000000 ____D C:\Users\Sean\Downloads\Alara
    2012-10-07 12:02 - 2012-10-07 12:03 - 00000000 ____D C:\Users\Sean\AppData\Local\{7FA86BB4-F7A8-4F84-9594-5D2496653F6E}
    2012-10-06 21:16 - 2012-10-06 21:21 - 320645843 ____A C:\Users\Sean\Desktop\rumble3.mp4
    2012-10-06 11:12 - 2012-10-06 11:12 - 00000000 ____D C:\Users\Sean\AppData\Local\{C2EF4B6F-1968-4BF0-8A13-8A1A457F51F9}
    2012-10-05 17:40 - 2012-10-05 17:40 - 00000000 ____D C:\Users\Sean\AppData\Local\{74C18416-2455-411E-BA52-BCB1B4DF13C4}
    2012-10-04 20:17 - 2012-10-04 20:17 - 00000000 ____D C:\Users\Sean\AppData\Local\{1428E3EA-A974-4C2A-84B5-1B5589EBBF73}
    2012-10-03 19:15 - 2012-10-03 19:15 - 00000000 ____D C:\Users\Sean\AppData\Local\{BF4B28C1-9062-4AB3-9FB5-F83111E56B5F}
    2012-10-02 20:22 - 2012-10-02 20:23 - 00000000 ____D C:\Users\Sean\AppData\Local\{040BA5B2-4D7B-4B5F-B52B-1ADB8261878A}
    2012-10-01 19:12 - 2012-10-01 19:12 - 00000000 ____D C:\Users\Sean\AppData\Local\{DD9EBF45-6632-4CCC-A4BF-0AE4463D9165}
    2012-09-30 13:22 - 2012-09-30 13:23 - 00000000 ____D C:\Users\Sean\AppData\Local\{3ED14690-D799-4D7A-8D8F-C3B161A3CDC9}
    2012-09-29 10:36 - 2012-09-29 10:36 - 00000000 ____D C:\Users\Sean\AppData\Local\{43880694-BBDC-444F-9E0F-A95E5CE0FDED}
    2012-09-29 10:31 - 2012-09-29 10:32 - 00000000 ____D C:\Users\Sean\Downloads\Pure18.12.09.29.Mia.Bliss.Moist.Mia.XXX.1080p.MP4-KTR[rbg]
    2012-09-28 17:06 - 2012-09-28 17:06 - 00000000 ____D C:\Users\Sean\AppData\Local\{944E32FD-63FF-4523-9517-D7B78397DCC4}
    2012-09-27 23:17 - 2012-09-27 23:24 - 00000000 ____D C:\Users\Sean\Downloads\Teenburg.com.XXX.SiTERiP.Part2
    2012-09-27 19:09 - 2012-09-27 19:10 - 00000000 ____D C:\Users\Sean\AppData\Local\{BE20B5AD-09E1-4987-A247-B2EAFA1755CD}


    ==================== 3 Months Modified Files ==================

    2012-10-27 18:45 - 2012-04-11 06:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-27 18:10 - 2012-08-23 17:45 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-27 18:05 - 2010-11-10 17:07 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001UA.job
    2012-10-27 18:05 - 2010-11-10 17:07 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001Core.job
    2012-10-27 18:01 - 2012-02-11 16:49 - 00000254 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
    2012-10-27 17:34 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-27 17:34 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-27 17:27 - 2012-08-16 17:47 - 00000416 ____A C:\Windows\Tasks\DriverUpdate Startup.job
    2012-10-27 17:26 - 2012-10-27 15:37 - 00000962 ____A C:\Windows\setupact.log
    2012-10-27 17:26 - 2012-08-23 17:45 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-27 17:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-27 17:12 - 2012-10-27 17:12 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_181254.mbf
    2012-10-27 17:11 - 2012-10-27 17:11 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_181116.mbf
    2012-10-27 16:05 - 2009-07-13 21:13 - 00739744 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-27 15:37 - 2012-10-27 15:37 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-27 15:36 - 2010-11-10 16:31 - 00025736 ____A C:\Windows\PFRO.log
    2012-10-27 14:04 - 2012-10-27 14:04 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-27 14:02 - 2012-10-27 14:02 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Sean\Desktop\mbam-setup-1.65.1.1000 (1).exe
    2012-10-27 13:49 - 2010-11-15 22:10 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-10-27 13:39 - 2012-10-27 13:39 - 16163048 ___RA C:\Users\Sean\My Money Backup_2012-10-27_143950.mbf
    2012-10-27 13:30 - 2012-10-27 13:29 - 03555328 ____A C:\Users\Sean\Documents\My Money2.mny
    2012-10-27 13:29 - 2012-10-27 13:23 - 03555328 ____A C:\Users\Sean\Documents\My Money1.mny
    2012-10-27 13:24 - 2012-10-27 13:28 - 03383296 ____A C:\Users\Sean\Documents\My Money1.M16
    2012-10-27 13:23 - 2010-11-10 18:28 - 03383296 ____A C:\Users\Sean\Documents\My Money.mny
    2012-10-27 13:05 - 2010-11-10 15:43 - 01373684 ____A C:\Windows\WindowsUpdate.log
    2012-10-21 10:21 - 2012-10-21 10:19 - 00004090 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-17 15:08 - 2012-10-17 13:06 - 734001152 ____A C:\Users\Sean\Downloads\Under Lock And Key.avi
    2012-10-15 16:51 - 2012-10-15 16:51 - 00001257 ____A C:\Users\Public\Desktop\Quest for Glory II.lnk
    2012-10-11 08:20 - 2012-10-11 08:11 - 622587574 ____A C:\Users\Sean\Downloads\mshfstacimichael_720.mp4
    2012-10-10 20:50 - 2010-11-11 23:56 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 06:45 - 2012-04-11 06:26 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-09 06:45 - 2011-05-15 09:13 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-06 21:21 - 2012-10-06 21:16 - 320645843 ____A C:\Users\Sean\Desktop\rumble3.mp4
    2012-09-29 18:54 - 2012-10-27 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-24 22:16 - 2012-10-21 10:21 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-24 22:08 - 2012-10-21 10:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-24 22:07 - 2012-10-21 10:21 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-23 13:07 - 2012-02-19 15:31 - 00007628 ____A C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
    2012-09-23 00:53 - 2012-09-23 00:53 - 00001769 ____A C:\Windows\Language_trs.ini
    2012-09-21 11:24 - 2012-09-21 21:12 - 68030030 ____N C:\Users\Sean\Desktop\IMG_0747.MOV
    2012-09-20 15:02 - 2012-09-20 15:02 - 01832760 ____A (Logitech, Inc.) C:\Windows\System32\LogiLDA.DLL
    2012-09-15 01:36 - 2012-09-15 01:36 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-14 11:19 - 2012-10-10 09:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-10 09:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-12 06:59 - 2012-09-12 06:56 - 661017157 ____A C:\Users\Sean\Downloads\IKnowThatGirl_Madelyn Monroe_12.09.12.wmv
    2012-09-09 22:12 - 2012-09-09 22:06 - 683551521 ____A C:\Users\Sean\Downloads\ExploitedTeens - Sasha Hall.wmv
    2012-09-08 14:33 - 2012-09-08 14:26 - 226711163 ____A C:\Users\Sean\Downloads\Pure18_Natasha Blaze_12.09.08.mp4
    2012-09-01 12:53 - 2012-06-13 15:24 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-01 12:53 - 2010-12-02 11:40 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-01 12:40 - 2012-09-01 12:42 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-09-01 12:40 - 2012-09-01 12:42 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-09-01 12:40 - 2012-09-01 12:42 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-09-01 12:40 - 2012-09-01 12:41 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-09-01 12:40 - 2012-09-01 12:41 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-09-01 12:40 - 2012-09-01 12:41 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-09-01 12:38 - 2012-09-01 12:38 - 32693736 ____A (Oracle Corporation) C:\Users\Sean\Downloads\jre-7u7-windows-x64.exe
    2012-08-31 10:19 - 2012-10-10 22:47 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-10 09:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-10 09:22 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-10 09:22 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-30 06:37 - 2012-08-30 06:34 - 488036882 ____A C:\Users\Sean\Downloads\reg_samanthasaint-mp4FullHigh-1.mp4
    2012-08-24 22:07 - 2012-08-24 22:07 - 30428102 ____A C:\Users\Sean\Desktop\Podscure-Gentlecast-008.m4a
    2012-08-24 22:06 - 2012-08-24 22:06 - 35932976 ____A C:\Users\Sean\Desktop\Podscure-Gentlecast-007.m4a
    2012-08-24 14:43 - 2012-08-24 14:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-10 09:22 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-10 09:22 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-22 09:17 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 09:17 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 09:17 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 09:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 09:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 09:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 09:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 09:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 09:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 09:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 09:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 09:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 09:17 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 09:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 09:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 09:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 09:17 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 09:17 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 09:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 09:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 09:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 09:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 09:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 09:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 09:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 09:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 09:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 09:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 09:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-22 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-22 09:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 09:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-10-10 22:47 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 01:16 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 01:16 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 01:16 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-10-10 22:47 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 12:01 - 2012-09-15 00:30 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 12:01 - 2010-11-10 18:35 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 12:01 - 2010-11-10 18:35 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-21 06:17 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-20 10:48 - 2012-10-10 22:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-10 22:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-10 22:48 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-10 22:48 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-10 22:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-10 22:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-10 22:48 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-10 22:48 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-10 22:48 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-10 22:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-10 22:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-10 22:48 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 22:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 22:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 22:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-15 19:14 - 2009-07-13 20:45 - 00275832 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-13 21:02 - 2012-08-13 20:43 - 289116234 ____A C:\Users\Sean\Downloads\Lilly Banks (08.08.2012) Cocaine.mp4
    2012-08-10 17:18 - 2012-08-10 16:50 - 302573136 ____A C:\Users\Sean\Downloads\GFrevenge - Lick and suck.mp4
    2012-08-10 16:56 - 2012-10-10 09:22 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-10 09:22 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-08 17:45 - 2010-11-10 17:10 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-08-08 17:45 - 2010-11-10 17:10 - 00000970 ____A C:\Windows\LkmdfCoInst.log
    2012-08-06 17:38 - 2012-08-06 17:37 - 509823985 ____A C:\Users\Sean\Downloads\SMProject - Relics of the Chozo CD.rar
    2012-08-02 09:58 - 2012-10-10 22:47 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-10-10 22:47 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

    ZeroAccess:
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\L
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\L\00000004.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\L\201d3dde
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\00000004.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\00000008.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\000000cb.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\80000000.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\80000032.@
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
  4. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    ==================== Restore Points =========================
    Restore point made on: 2012-10-21 10:18:45
    Restore point made on: 2012-10-27 11:09:59
    Restore point made on: 2012-10-27 13:15:31
    Restore point made on: 2012-10-27 13:18:24
    Restore point made on: 2012-10-27 13:19:25
    Restore point made on: 2012-10-27 13:25:22
    Restore point made on: 2012-10-27 15:04:19
    ==================== Memory info ===========================
    Percentage of memory in use: 16%
    Total physical RAM: 4095.11 MB
    Available physical RAM: 3437.04 MB
    Total Pagefile: 4093.26 MB
    Available Pagefile: 3453.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:65.82 GB) NTFS
    2 Drive d: (Sean3) (Fixed) (Total:186.31 GB) (Free:1.26 GB) NTFS
    3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    5 Drive h: (FreeAgent Drive) (Fixed) (Total:698.64 GB) (Free:0.06 GB) NTFS
    6 Drive I: () (Removable) (Total:14.91 GB) (Free:14.9 GB) FAT32
    7 Drive j: (My Book) (Fixed) (Total:931.28 GB) (Free:1.82 GB) FAT32
    8 Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:0.91 GB) NTFS
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (Sean2) (Fixed) (Total:232.88 GB) (Free:0 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB
    Disk 1 Online 186 GB 1024 KB
    Disk 2 Online 465 GB 0 B
    Disk 3 Online 698 GB 0 B
    Disk 4 Online 14 GB 0 B
    Disk 5 Online 931 GB 0 B
    Disk 6 Online 1397 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y Sean2 NTFS Partition 232 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 186 GB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Sean3 NTFS Partition 186 GB Healthy
    =========================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E System Rese NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 465 GB Healthy
    =========================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 31 KB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FreeAgent D NTFS Partition 698 GB Healthy
    =========================================================
    Partitions of Disk 4:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 14 GB 0 B
    ==================================================================================
    Disk: 4
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    =========================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB
    ==================================================================================
    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J My Book FAT32 Partition 931 GB Healthy
    =========================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K Elements NTFS Partition 1397 GB Healthy
    =========================================================
    Last Boot: 2012-10-27 18:58
    ==================== End Of Log =============================
  5. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    Farbar Recovery Scan Tool (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-27 20:10:29
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

    Attached Files:

  7. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-28 12:46:11 Run:1
    Running from I:\

    ==============================================

    C:\Users\Sean\AppData\Local\{49A9F989-D182-403C-9945-84E4203B2F53} moved successfully.
    C:\Users\Sean\Downloads\Microsoft.Money.Plus.Home.And.Business.2008.Retail-NoPE moved successfully.
    C:\Users\Sean\Downloads\ExploitedTeens.12.10.26.XXX.WMV-KTR moved successfully.
    C:\Users\Sean\AppData\Local\{0001F02C-B141-40B5-9C39-B868DA3FFD48} moved successfully.
    C:\Users\Sean\AppData\Local\{6920D2A3-9C1F-4152-82D8-FF14A4954F97} moved successfully.
    C:\Users\Sean\AppData\Local\{D274FBCF-F083-4D14-B672-7F12F837624B} moved successfully.
    C:\Users\Sean\AppData\Local\{6D607E8C-8C69-4988-9E5A-C0B7032B5E66} moved successfully.
    C:\Users\Sean\AppData\Local\{F2889EF9-9D8B-48AF-B534-84C314FD7F24} moved successfully.
    C:\Users\Sean\AppData\Local\{F62DB327-3AC7-4D6C-B4EB-B565F3781E91} moved successfully.
    C:\Users\Sean\AppData\Local\{C7E8AE2F-E07B-4C9D-AC5C-5C99A70A69DC} moved successfully.
    C:\Users\Sean\AppData\Local\{F2D55AEE-E630-46AE-B58F-EEEABDF1D340} moved successfully.
    C:\Users\Sean\AppData\Local\{C232BC84-F2D1-4A68-9107-9F4D25D0A615} moved successfully.
    C:\Users\Sean\AppData\Local\{95A3438A-08DA-4509-B891-E6905D51D964} moved successfully.
    C:\Users\Sean\AppData\Local\{3038EDA7-5FF9-455E-BA41-51FA1B43376E} moved successfully.
    C:\Users\Sean\AppData\Local\{09B8EC12-6601-40CD-81B1-19017696EC42} moved successfully.
    C:\Users\Sean\AppData\Local\{C87460A4-145C-4DD9-A5E5-02253BAA2D82} moved successfully.
    C:\Users\Sean\AppData\Local\{E4639812-3E6F-455A-A2D0-94F39396E124} moved successfully.
    C:\Users\Sean\AppData\Local\{0AE78E0D-582F-4DEC-B1DB-C1C92A873676} moved successfully.
    C:\Users\Sean\AppData\Local\{7FA86BB4-F7A8-4F84-9594-5D2496653F6E} moved successfully.
    C:\Users\Sean\AppData\Local\{C2EF4B6F-1968-4BF0-8A13-8A1A457F51F9} moved successfully.
    C:\Users\Sean\AppData\Local\{74C18416-2455-411E-BA52-BCB1B4DF13C4} moved successfully.
    C:\Users\Sean\AppData\Local\{1428E3EA-A974-4C2A-84B5-1B5589EBBF73} moved successfully.
    C:\Users\Sean\AppData\Local\{BF4B28C1-9062-4AB3-9FB5-F83111E56B5F} moved successfully.
    C:\Users\Sean\AppData\Local\{040BA5B2-4D7B-4B5F-B52B-1ADB8261878A} moved successfully.
    C:\Users\Sean\AppData\Local\{DD9EBF45-6632-4CCC-A4BF-0AE4463D9165} moved successfully.
    C:\Users\Sean\AppData\Local\{3ED14690-D799-4D7A-8D8F-C3B161A3CDC9} moved successfully.
    C:\Users\Sean\AppData\Local\{43880694-BBDC-444F-9E0F-A95E5CE0FDED} moved successfully.
    C:\Users\Sean\Downloads\Pure18.12.09.29.Mia.Bliss.Moist.Mia.XXX.1080p.MP4-KTR[rbg] moved successfully.
    C:\Users\Sean\AppData\Local\{944E32FD-63FF-4523-9517-D7B78397DCC4} moved successfully.
    C:\Users\Sean\Downloads\Teenburg.com.XXX.SiTERiP.Part2 moved successfully.
    C:\Users\Sean\AppData\Local\{BE20B5AD-09E1-4987-A247-B2EAFA1755CD} moved successfully.
    C:\Windows\Installer\{8bc78772-21b6-1591-7494-17373c4f5cb5} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====
  8. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    Restarted fine. Now AVG Resident Shield Alert is throwing Multiple threat detection messages at me.
    File name: c:\FRST\Quarantine\Desktop.ini
    Threat Name: Trojan horse Generic29.ANPX
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report in your next reply; it will launch automatically, or can be found at "C:\Combo-Fix.txt".
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  10. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    Running Combofix now. I got a dialogue box saying AVG antivirus and anti spyware were still running despite the fact that I DID DISABLE them. Is this something I should worry about?
  11. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    ComboFix has been "Preparing Log Report" for at least 30 minutes now, maybe 45 or longer. Is this normal?
     
  12. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    Preparing Log Report for almost 2 hours now. At what point should I consider that ComboFix is hanging/not responding?
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If it hasn't worked, please do the following:

    RogueKiller Scan

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  14. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sean [Admin rights]
    Mode : Scan -- Date : 10/30/2012 19:06:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> FOUND
    [TASK][SUSP PATH] {1A1ECEEC-78E3-4B98-9065-05BB71D38A8C} : C:\Windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Sean\Desktop -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500JB-00GVA0 ATA Device +++++
    --- User ---
    [MBR] e2c2a777a6e232b980a6db677bea0a41
    [BSP] f7b84f17af83d25ce860908f22f3d01c : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD2000JB-00GVC0 ATA Device +++++
    --- User ---
    [MBR] 1f50c5d75a489848c78a9ed4bd8f57d0
    [BSP] 4d2196d62ac704f1ac032b2993ec249d : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 ATA Device +++++
    --- User ---
    [MBR] e92a8d14fb15e65f31995fe8ac1994d0
    [BSP] c263f74d36cf891a46229c07d6ecf201 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: Seagate FreeAgentDesktop USB Device +++++
    --- User ---
    [MBR] 1b60cd4fdc96972c0c85195a02b0918b
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: CENTON DS Pro USB Device +++++
    --- User ---
    [MBR] 9b89cbee33343b01567b0f24e8f0da3a
    [BSP] 4104eba288ca0206dde1bc6a51d158a4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
    1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
    2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
    3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
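    A note on reading the report above, with an added example that is not part of this thread or of RogueKiller itself. The scan output is plain text in three sections a helper reads by eye every time: the `Registry Entries` block (which `FOUND` lines are real persistence), the `HOSTS File` block (has anything other than the loopback `localhost` line been planted), and the `MBR Check` block (is the boot code recognised, and did the low-level reads agree). The script below parses those sections and applies a few triage rules of my own: a scheduled task that goes through a proxy binary such as `pcalua.exe` (the `[SUSP PATH]` entry above hands an installer to the Program Compatibility Assistant launcher, a legitimate signed Windows binary that runs whatever path it is given, which is exactly why a task pointed at it deserves a look), tasks that run from user-writable paths, hosts entries beyond the loopback `localhost` line, a bootable disk whose MBR code the tool did not recognise, and explicit `Error reading` lines. The `[HJPOL] DisableRegistryTools (0)` entry is deliberately not flagged: the tool reports that the value exists, but 0 means the restriction is off. The sample report is a cut-down copy of RKreport[1].txt above, embedded so the script runs offline; the line regexes are my reading of the v8 report format rather than a published specification, and my understanding that the `User = LL1/LL2 ... OK!` lines compare the MBR read through the normal API with two lower-level reads is an assumption (the script only acts on the explicit error line, not on that interpretation).

```python
"""Triage a RogueKiller v8-style text report. Added example for this thread,
not RogueKiller's own code; the sample is cut down from RKreport[1].txt above."""
import re

SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> FOUND
[TASK][SUSP PATH] {1A1ECEEC-78E3-4B98-9065-05BB71D38A8C} : C:\Windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Sean\Desktop -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 ATA Device +++++
[BSP] c263f74d36cf891a46229c07d6ecf201 : Windows 7 MBR Code
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
+++++ PhysicalDrive3: Seagate FreeAgentDesktop USB Device +++++
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
"""

# Line shapes as they appear in the v8 reports (my reading of the format).
SECTION_RE = re.compile(r"^¤¤¤ (.+?)(?: : \d+)? ¤¤¤$")
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+) (.*?) -> (\w+)")
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
BSP_RE = re.compile(r"^\[BSP\] [0-9a-f]{32} : (.+)$")
PART_RE = re.compile(r"^\d+ - \[(\w+)\] (\S+) \((0x[0-9a-f]{2})\) \[\w+\] "
                     r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")


def parse_report(text):
    """Return the registry entries, hosts lines and per-disk MBR data."""
    report = {"entries": [], "hosts": [], "drives": []}
    section = drive = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section, drive = m.group(1).rstrip(":"), None
        elif section == "Registry Entries" and (m := ENTRY_RE.match(line)):
            report["entries"].append({"tags": re.findall(r"\[([^\]]+)\]", m.group(1)),
                                      "detail": m.group(2), "status": m.group(3)})
        elif section == "HOSTS File" and line and not line.startswith("-->"):
            report["hosts"].append(line)
        elif section == "MBR Check":
            if m := DRIVE_RE.match(line):
                drive = {"name": m.group(1), "model": m.group(2),
                         "mbr_code": None, "partitions": [], "errors": []}
                report["drives"].append(drive)
            elif drive and (m := BSP_RE.match(line)):
                drive["mbr_code"] = m.group(1)
            elif drive and (m := PART_RE.match(line)):
                drive["partitions"].append({
                    "active": m.group(1) == "ACTIVE", "fs": m.group(2), "type_id": int(m.group(3), 16),
                    "offset": int(m.group(4)), "size_mb": int(m.group(5))})
            elif drive and line.startswith("Error"):
                drive["errors"].append(line)
    return report


LOOPBACK = {"127.0.0.1", "::1"}
# Signed Windows binaries that launch whatever path they are given: a task
# pointing at one of them hides the real payload behind a trusted image name.
PROXY_BINARIES = ("pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                  "wscript.exe", "cscript.exe")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def triage(report):
    """Reduce the tool's FOUND lines to the short list a helper would act on."""
    findings = []
    for e in report["entries"]:
        kind, detail = e["tags"][0], e["detail"]
        low = detail.lower()
        if kind == "TASK" and any(b in low for b in PROXY_BINARIES):
            findings.append(f"task launches a payload via a proxy binary: {detail}")
        elif kind == "TASK" and any(p in low for p in USER_WRITABLE):
            findings.append(f"task runs from a user-writable path: {detail}")
        elif kind == "HJPOL":
            # RogueKiller flags the value's presence; only a non-zero value
            # (DisableRegistryTools=1) actually locks the user out of regedit.
            m = re.search(r"\((\d+)\)$", detail)
            if m and int(m.group(1)) != 0:
                findings.append(f"policy restriction active: {detail}")
    for entry in report["hosts"]:
        # hosts hijacks typically sinkhole AV update domains to 127.0.0.1
        addr, _, name = entry.partition(" ")
        if not (addr in LOOPBACK and name.strip() == "localhost"):
            findings.append(f"hosts file maps {name.strip()} to {addr}")
    for d in report["drives"]:
        bootable = any(p["active"] for p in d["partitions"])
        if bootable and d["mbr_code"] == "MBR Code unknown":
            findings.append(f"{d['name']} ({d['model']}): bootable, MBR code unrecognised")
        for err in d["errors"]:
            findings.append(f"{d['name']} ({d['model']}): {err}")
    return findings
```

    Run against the embedded sample, `triage(parse_report(SAMPLE_REPORT))` returns two lines: the `pcalua.exe` task, and the `Error reading LL2 MBR!` on PhysicalDrive3 (a USB drive with no active partition, so it is reported for the helper to judge rather than treated as a boot-sector infection). The HP task, the hosts file and the Windows 7 boot disk are left alone. To use it on a real RKreport, read the file with `open(path, encoding="utf-8")` and pass the text to `parse_report`.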
  15. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sean [Admin rights]
    Mode : Remove -- Date : 10/30/2012 19:09:32

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> DELETED
    [TASK][SUSP PATH] {1A1ECEEC-78E3-4B98-9065-05BB71D38A8C} : C:\Windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Sean\Desktop -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500JB-00GVA0 ATA Device +++++
    --- User ---
    [MBR] e2c2a777a6e232b980a6db677bea0a41
    [BSP] f7b84f17af83d25ce860908f22f3d01c : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD2000JB-00GVC0 ATA Device +++++
    --- User ---
    [MBR] 1f50c5d75a489848c78a9ed4bd8f57d0
    [BSP] 4d2196d62ac704f1ac032b2993ec249d : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 ATA Device +++++
    --- User ---
    [MBR] e92a8d14fb15e65f31995fe8ac1994d0
    [BSP] c263f74d36cf891a46229c07d6ecf201 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: Seagate FreeAgentDesktop USB Device +++++
    --- User ---
    [MBR] 1b60cd4fdc96972c0c85195a02b0918b
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: CENTON DS Pro USB Device +++++
    --- User ---
    [MBR] 9b89cbee33343b01567b0f24e8f0da3a
    [BSP] 4104eba288ca0206dde1bc6a51d158a4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
    1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
    2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
    3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  16. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sean [Admin rights]
    Mode : Shortcuts HJfix -- Date : 10/30/2012 19:14:31

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 9 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 221 / Fail 0
    My documents: Success 1 / Fail 1
    My favorites: Success 0 / Fail 0
    My pictures: Success 1 / Fail 0
    My music: Success 26 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 3954 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [E:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [F:] \Device\CdRom0 -- 0x5 --> Skipped
    [G:] \Device\HarddiskVolume5 -- 0x3 --> Restored
    [I:] \Device\HarddiskVolume7 -- 0x3 --> Restored
    [J:] \Device\HarddiskVolume8 -- 0x3 --> Restored
    [K:] \Device\HarddiskVolume6 -- 0x2 --> Restored

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Now, try ComboFix once more as above, please.
  18. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    ComboFix 12-10-31.03 - Sean 11/01/2012 0:39.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2604 [GMT -7:00]
    Running from: c:\users\Sean\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\SysWow64\URTTemp\regtlib.exe
    I:\autorun.inf
    I:\Setup.exe
    J:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-01 07:49 . 2012-11-01 07:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-11-01 07:49 . 2012-11-01 07:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-29 23:16 . 2012-10-29 23:16 -------- d-----w- c:\users\Sean\AppData\Roaming\AVG
    2012-10-29 23:15 . 2012-10-29 23:18 -------- d-----w- c:\programdata\AVG
    2012-10-29 23:14 . 2012-10-29 23:14 -------- d-s---w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-29 22:23 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-10-29 22:23 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-10-29 22:23 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-10-29 22:23 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-10-29 22:23 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2012-10-29 22:23 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-10-29 22:23 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-10-29 22:23 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-10-29 22:23 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-10-29 19:33 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-10-28 04:07 . 2012-10-28 04:07 -------- d-----w- C:\FRST
    2012-10-28 01:34 . 2012-10-28 17:17 -------- d-----w- c:\users\Sean\AppData\Local\ElevatedDiagnostics
    2012-10-27 22:04 . 2012-10-27 22:04 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
    2012-10-27 22:04 . 2012-10-27 22:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-27 22:04 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-27 22:04 . 2012-10-27 22:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-27 21:10 . 2012-10-27 21:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-21 18:21 . 2012-09-25 06:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-16 00:51 . 2012-10-16 00:51 -------- d-----w- c:\program files (x86)\AGD Interactive
    2012-10-11 06:47 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-10-11 06:47 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-10-11 06:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-10-11 06:47 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-11 06:47 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-10-11 06:47 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-10-10 17:22 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 17:22 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 17:22 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 17:22 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 17:22 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 17:22 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 17:22 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-10 17:22 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 17:22 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 17:21 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 17:21 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 17:21 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 17:21 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 17:21 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 17:21 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 04:50 . 2010-11-12 07:56 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 14:45 . 2012-04-11 14:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 14:45 . 2011-05-15 17:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-20 23:02 . 2012-09-20 23:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL
    2012-09-01 20:53 . 2012-06-13 23:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-01 20:53 . 2010-12-02 19:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-01 20:40 . 2012-09-01 20:41 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-01 20:40 . 2012-09-01 20:42 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-01 20:40 . 2012-09-01 20:41 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-01 20:40 . 2012-09-01 20:41 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-01 20:40 . 2012-09-01 20:42 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-01 20:40 . 2012-09-01 20:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-24 22:43 . 2012-08-24 22:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-24 11:15 . 2012-09-22 17:17 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-22 17:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-22 17:17 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-22 17:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-22 17:17 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-22 17:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-22 17:17 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-22 17:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-22 17:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-22 17:17 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-22 17:17 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-22 17:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-22 17:17 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-22 17:17 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-22 17:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-22 17:17 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-22 17:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 17:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-22 17:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 17:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 17:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 17:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 09:16 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 09:16 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 09:16 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:01 . 2012-09-15 08:30 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01 . 2010-11-11 02:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 20:01 . 2010-11-11 02:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-11 06:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-09 01:45 . 2010-11-11 01:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-11-24 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "wave3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-11 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-11 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-12 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-03-18 74320]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-03-18 13392]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-10-14 121424]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:45]
    .
    2012-10-30 c:\windows\Tasks\DriverUpdate Startup.job
    - c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 16:08]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 01:45]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 01:45]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001Core.job
    - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 01:07]
    .
    2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001UA.job
    - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 01:07]
    .
    2012-11-01 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - ExtSQL: 2012-09-01 14:07; DeviceDetection@logitech.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\DeviceDetection@logitech.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-3089692217.movielocker.com - c:\program files (x86)\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-793335173-2078993848-683706515-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:d0,34,6a,a6,87,04,70,19,38,01,aa,60,23,44,a1,6f,c6,7f,ae,ae,bd,a3,ab,
    10,39,84,c9,20,a2,5e,39,a4,5a,64,40,0c,1c,41,8a,53,c7,9c,21,57,b7,87,c0,cb,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-01 00:52:23
    ComboFix-quarantined-files.txt 2012-11-01 07:52
    .
    Pre-Run: 62,075,543,552 bytes free
    Post-Run: 61,592,162,304 bytes free
    .
    - - End Of File - - 7928C542205954344549701B6AB9D1E1
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent (y)


    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, go back to OTL and paste it in the Custom Scans/Fixes box:

    • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it usually opens two notepad windows. OTL.Txt (Displayed on screen) and Extras.Txt (minimized). These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of OTL.txt into your next reply. I will let you know if I need the Extras.txt.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  20. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    OTL logfile created on: 11/1/2012 7:07:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.37% Memory free
    8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 57.20 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
    Drive E: | 186.31 Gb Total Space | 1.26 Gb Free Space | 0.68% Space Free | Partition Type: NTFS
    Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 698.64 Gb Total Space | 0.06 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
    Drive I: | 931.28 Gb Total Space | 1.18 Gb Free Space | 0.13% Space Free | Partition Type: FAT32
    Drive J: | 1397.26 Gb Total Space | 0.78 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
    Drive K: | 14.91 Gb Total Space | 14.90 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

    Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/01 19:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/11/10 23:52:57 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
    MOD - [2009/06/29 11:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/06 02:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/26 21:01:24 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/09 07:45:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
    SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/11/10 23:52:57 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/11/10 17:45:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/11/10 17:29:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/14 11:05:22 | 000,121,424 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
    DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/03/18 02:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/03/18 01:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2010/03/18 01:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/03/15 03:32:56 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD D3 85 72 75 90 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
    FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9
    FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 09:15:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/23 09:00:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components [2012/10/29 16:40:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 21:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 21:01:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 21:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 21:01:12 | 000,000,000 | ---D | M]

    [2012/06/16 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
    [2011/03/05 12:35:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/11/01 00:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions
    [2012/10/15 15:18:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/08/27 22:34:47 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/11/01 00:32:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/09/01 14:07:22 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\DeviceDetection@logitech.com
    [2012/10/26 21:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/23 09:00:40 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/10/26 21:01:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/30 07:21:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/13 15:31:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.msn.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.msn.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Sean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: ifriends = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdkpdbfegccaffojmicomeamflpeplf\1.0_0\
    CHR - Extension: YouTube = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: iFriends-PureHD = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdianmhoioajnfaipbcgfjcihmooojl\1.0_0\
    CHR - Extension: Get Flash = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\innejflndneacnpgjkdhejmejgpnhfgf\1.0.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/29 12:21:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA45B2FF-91A3-4326-B67E-E2B5DC938D04}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/14 02:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2009/02/06 17:34:36 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
    O32 - AutoRun File - [2010/07/01 03:10:22 | 000,000,000 | R--D | M] - J:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  21. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/01 19:05:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
    [2012/11/01 07:41:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/01 07:27:45 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{32A6D155-5C59-4FDB-B90F-0658EBDC85E1}
    [2012/10/31 23:25:34 | 036,673,312 | ---- | C] (Microsoft Corporation) -- C:\Users\Sean\Documents\USMoneyBizSunset.exe
    [2012/10/30 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{C227883A-96A3-4C96-B57E-997938EFA40C}
    [2012/10/30 19:04:45 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\RK_Quarantine
    [2012/10/29 16:16:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\AVG
    [2012/10/29 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/10/29 16:14:59 | 000,000,000 | --SD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/10/29 15:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/29 15:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/29 15:24:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/29 15:24:45 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/29 15:24:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/29 15:24:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/29 15:24:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/29 15:24:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/29 15:24:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/29 15:24:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/29 15:24:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/29 15:24:40 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/29 15:24:40 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/29 15:24:40 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/29 15:24:40 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/29 15:24:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/29 15:24:40 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/29 15:24:40 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/29 15:24:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/29 15:24:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/29 15:24:39 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/29 15:24:39 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/29 15:24:39 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/29 15:24:39 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/29 15:23:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/29 15:23:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 12:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/29 11:59:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/29 11:59:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/29 11:59:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/29 11:55:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/29 11:55:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/29 11:43:06 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
    [2012/10/29 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5F1B2A7B-AACF-4E01-B9B4-93C1058964E2}
    [2012/10/28 09:59:22 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012/10/28 09:31:52 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{8D76F073-848F-4E4D-B8CD-2745DEAF9737}
    [2012/10/27 21:07:47 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/27 18:34:22 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\ElevatedDiagnostics
    [2012/10/27 15:04:36 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes
    [2012/10/27 15:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/27 15:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/27 15:04:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/27 15:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/27 14:10:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/10/26 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/21 11:21:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012/10/21 11:21:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012/10/21 11:21:07 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2012/10/20 14:29:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E3BBB0F3-4683-49E2-83A9-7FB6BA5F3511}
    [2012/10/18 08:32:11 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{B9A39449-E37E-49FF-B9E6-B2DB7E048C44}
    [2012/10/15 17:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive
    [2012/10/15 17:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGD Interactive
    [2012/10/10 23:48:59 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/10/10 23:48:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/10/10 23:48:56 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/10/10 23:48:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/10/10 23:48:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/10/10 23:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/10/10 23:48:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/10/10 23:48:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/10/10 23:48:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/10/10 23:48:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/10/10 23:48:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/10/10 23:48:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/10/10 23:48:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 23:48:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 23:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 23:48:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 23:48:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 23:48:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 23:48:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 23:48:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 23:48:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 23:48:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 23:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 23:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 23:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 23:48:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 23:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 23:48:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 23:48:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 23:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 23:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 23:48:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/10/10 23:47:52 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
    [2012/10/10 23:47:48 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2012/10/10 23:47:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
    [2012/10/10 10:22:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/10 10:22:23 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/10 10:22:22 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/10 10:22:16 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/10 10:21:57 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/10 10:21:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
  22. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    ========== Files - Modified Within 30 Days ==========

    [2012/11/01 19:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/01 19:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
    [2012/11/01 19:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001UA.job
    [2012/11/01 19:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-793335173-2078993848-683706515-1001Core.job
    [2012/11/01 19:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/11/01 18:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/01 18:10:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/01 09:17:42 | 099,133,670 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/11/01 07:49:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/01 07:49:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/01 07:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/01 07:41:02 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/01 07:39:28 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2012/11/01 07:39:28 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2012/11/01 07:39:28 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2012/11/01 00:38:20 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
    [2012/10/31 23:31:27 | 036,673,312 | ---- | M] (Microsoft Corporation) -- C:\Users\Sean\Documents\USMoneyBizSunset.exe
    [2012/10/31 23:26:39 | 014,081,767 | R--- | M] () -- C:\Users\Sean\My Money Backup_2012-10-31_232639.mbf
    [2012/10/31 23:19:41 | 016,458,032 | R--- | M] () -- C:\Users\Sean\My Money Backup_2012-10-31_231940.mbf
    [2012/10/31 15:00:54 | 016,458,031 | R--- | M] () -- C:\Users\Sean\My Money Backup_2012-10-31_150054.mbf
    [2012/10/30 19:03:23 | 001,584,640 | ---- | M] () -- C:\Users\Sean\Desktop\RogueKiller.exe
    [2012/10/30 06:42:22 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
    [2012/10/30 06:42:03 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
    [2012/10/29 18:15:42 | 000,455,699 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/10/29 16:56:00 | 000,002,044 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/10/29 15:21:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/29 12:21:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/27 17:05:39 | 000,739,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/27 17:05:39 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/27 17:05:39 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/27 14:30:59 | 003,555,328 | ---- | M] () -- C:\Users\Sean\Documents\My Money2.mny
    [2012/10/27 14:29:51 | 003,555,328 | ---- | M] () -- C:\Users\Sean\Documents\My Money1.mny
    [2012/10/27 14:24:12 | 003,383,296 | ---- | M] () -- C:\Users\Sean\Documents\My Money1.M16
    [2012/10/27 14:23:44 | 003,383,296 | ---- | M] () -- C:\Users\Sean\Documents\My Money.mny
    [2012/10/09 07:45:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/10/09 07:45:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/10/06 22:21:24 | 320,645,843 | ---- | M] () -- C:\Users\Sean\Desktop\rumble3.mp4

    ========== Files Created - No Company Name ==========

    [2012/10/31 23:26:39 | 014,081,767 | R--- | C] () -- C:\Users\Sean\My Money Backup_2012-10-31_232639.mbf
    [2012/10/31 23:19:41 | 016,458,032 | R--- | C] () -- C:\Users\Sean\My Money Backup_2012-10-31_231940.mbf
    [2012/10/31 15:00:54 | 016,458,031 | R--- | C] () -- C:\Users\Sean\My Money Backup_2012-10-31_150054.mbf
    [2012/10/30 19:03:20 | 001,584,640 | ---- | C] () -- C:\Users\Sean\Desktop\RogueKiller.exe
    [2012/10/29 11:59:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/29 11:59:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/29 11:59:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/29 11:59:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/29 11:59:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/28 10:04:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/10/27 14:29:50 | 003,555,328 | ---- | C] () -- C:\Users\Sean\Documents\My Money2.mny
    [2012/10/27 14:28:55 | 003,383,296 | ---- | C] () -- C:\Users\Sean\Documents\My Money1.M16
    [2012/10/27 14:23:43 | 003,555,328 | ---- | C] () -- C:\Users\Sean\Documents\My Money1.mny
    [2012/10/27 14:22:14 | 003,432,448 | ---- | C] () -- C:\Users\Sean\Documents\My Money.M15
    [2012/10/06 22:16:34 | 320,645,843 | ---- | C] () -- C:\Users\Sean\Desktop\rumble3.mp4
    [2012/09/23 01:53:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/19 16:31:19 | 000,007,628 | ---- | C] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
    [2012/02/11 17:46:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/05/19 08:12:23 | 000,003,584 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/15 23:10:01 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
    [2010/11/11 00:23:01 | 000,000,092 | ---- | C] () -- C:\Users\Sean\AppData\Local\fusioncache.dat
    [2010/11/10 23:54:47 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/10 23:52:59 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/11/10 23:52:57 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/11/10 23:52:57 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/11/10 20:37:06 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/11/10 20:37:05 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/11/10 20:37:05 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/11/10 20:37:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/11/10 20:37:04 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/11/10 18:39:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/10 17:28:39 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/11/10 17:28:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD2500JB-00GVA0 ATA Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD2000JB-00GVC0 ATA Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE2 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD5000AACS-00G8B1 ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE3 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: Seagate FreeAgentDesktop USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE4 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: CENTON DS Pro USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE5 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: WD 10EADS External USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\.\PHYSICALDRIVE6 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: WD Ext HDD 1021 USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: MS-DOS V4 Huge
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 233.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 186.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #2, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #2, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #3, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 699.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #4, Partition #0
    PartitionType: 16-bit FAT
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 15.00GB
    Starting Offset: 0
    Hidden sectors: 0


    DeviceID: Disk #5, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 932.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #6, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 1,397.00GB
    Starting Offset: 1048576
    Hidden sectors: 0

    [2010/11/10 20:44:25 | 000,000,000 | -H-D | M] -- C:\Users\Sean\AppData\Local\Microsoft\Media Player\Art Cache
    [2012/07/31 09:59:58 | 000,000,000 | RH-D | M] -- C:\Users\Sean\AppData\Local\Microsoft\Windows\Burn\Burn
    [2010/11/10 17:33:30 | 000,000,000 | -H-D | M] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\IETldCache\Low
    [2010/11/12 10:27:28 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
    [2010/11/15 23:05:50 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
    [2010/11/10 17:14:41 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
    [2010/11/15 23:16:01 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Shadow Files Cache
    [2010/11/15 23:09:57 | 000,000,000 | -H-D | M] -- C:\Windows\SysNative\GroupPolicy

    < %systemroot%\system32\sysprep >

    < c:\*.xpi /s /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %appdata%\*.* >

    < MD5 for: AFD.SYS >
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Sean\Desktop\Family Guy - Its a Trap.avi:TOC.WMV
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

    < End of report >
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  24. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
    C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xifnbl6a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
    C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdkpdbfegccaffojmicomeamflpeplf\1.0_0 folder moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
    C:\Users\Sean\AppData\Local\{32A6D155-5C59-4FDB-B90F-0658EBDC85E1} folder moved successfully.
    C:\Users\Sean\AppData\Local\{C227883A-96A3-4C96-B57E-997938EFA40C} folder moved successfully.
    C:\Users\Sean\AppData\Local\{5F1B2A7B-AACF-4E01-B9B4-93C1058964E2} folder moved successfully.
    C:\Users\Sean\AppData\Local\{8D76F073-848F-4E4D-B8CD-2745DEAF9737} folder moved successfully.
    C:\Users\Sean\AppData\Local\{E3BBB0F3-4683-49E2-83A9-7FB6BA5F3511} folder moved successfully.
    C:\Users\Sean\AppData\Local\{B9A39449-E37E-49FF-B9E6-B2DB7E048C44} folder moved successfully.
    ADS C:\ProgramData\TEMP:364682BC deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Sean\Desktop\cmd.bat deleted successfully.
    C:\Users\Sean\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sean
    ->Temp folder emptied: 1883649 bytes
    ->Temporary Internet Files folder emptied: 970251126 bytes
    ->Java cache emptied: 403554 bytes
    ->FireFox cache emptied: 878321151 bytes
    ->Google Chrome cache emptied: 255446120 bytes
    ->Apple Safari cache emptied: 42651648 bytes
    ->Flash cache emptied: 389177 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 74496 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2,050.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11022012_170114

    Files\Folders moved on Reboot...
    C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  25. Holden75

    Holden75 Newcomer, in training Topic Starter Posts: 36

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46Y5SQMV\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
    E:\Downloads\Install_AIM_5.5.3595.exe Win32/Adware.WBug.A application cleaned by deleting - quarantined
    E:\Downloads\PlayFLV.exe Win32/TrojanDownloader.Adload.NIQ trojan cleaned by deleting - quarantined
    E:\Downloads\InterVideo.WinDVD.6.Platinum.keygen\keygen.exe probably a variant of Win32/Agent.LHPKIKX trojan cleaned by deleting - quarantined
    E:\Downloads\Video Strip Poker (Vsp) - Crack 1.42 & Upgrade\Video Strip Poker (VSP) - Crack 1.42 & upgrade\vsp_upgrade_142.exe probably a variant of Win32/Agent.FOSBCKS trojan cleaned by deleting - quarantined
    J:\Downloads\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
    J:\Downloads\XvidSetup(2).exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined