Solved Antivirus pro 2006; WinSpyProtect; Bifrost all on previously clean machine

pot1234Dreadlox

Posts: 106   +0
Broni - me again! The first nachine you helped us with came up with a warning about the above this morning....I can think of a few choice words about how I feel... Total Defense picked them up and quarantined them.... 3 times ... so much for getting rid of them... I have done the standard logs and will post them. All computers are off-line and I am posting this on a clean non-networked machine. Once again (wow) thanks in advance!! :):)
Just had a thought - the infected machine runs XP emulation under W7 professional...should we uninstall it???


MalwareBytes log
aMalwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.18.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: NORTH [administrator]
Protection: Enabled
18/06/2012 19:25:50
mbam-log-2012-06-18 (19-25-50).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 967769
Time elapsed: 6 hour(s), 55 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER log - BTW, it didn't have all the boxes checked...they were greyed out....

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-19 13:46:43
Windows 6.1.7601 Service Pack 1
Running: pu82zy4i.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683122326
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683122326 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\2levac.gif 1702 bytes
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\banpapers.gif 5468 bytes
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\contacts.gif 867 bytes
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\ifla1.gif 3470 bytes
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\search.gif 991 bytes
File E:\NHP_HDrive-start to organise 2012 on\NorthbridgeHistoryHDrive-incomplete\FMorel\1.Northbridge History Project\models\Local (or community) history in Australia supporting cultural heritage - 65th IFLA Council and General Conference - Conference Programme and Proceedings_files\spacer.gif 828 bytes
---- EOF - GMER 1.0.15 ----
 
DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by User at 13:47:41 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.3693 [GMT 8:00]
.
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\CA\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC9SWK.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Total Defense Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Windows\system32\VetRedir.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{510B9C32-66D5-463C-B827-A032DE239661} : DhcpNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
Notify: PFW - UmxWnp.Dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]
R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys --> C:\Windows\system32\DRIVERS\kmxfw.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]
R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]
R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys --> C:\Windows\system32\DRIVERS\KmxFile.sys [?]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys --> C:\Windows\system32\DRIVERS\KmxFilter.sys [?]
R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2011-8-19 291656]
R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2011-8-19 312656]
R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-3-7 287280]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-9-5 210024]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-6-11 107848]
R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys --> C:\Windows\system32\DRIVERS\KmxCF.sys [?]
R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys --> C:\Windows\system32\DRIVERS\KmxSbx.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2011-9-5 90864]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ExtremeVSSService;Extreme VSS Service;C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe [2012-6-14 3196800]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
S3 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2011-8-19 263504]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
.
=============== Created Last 30 ================
.
2012-06-18 21:40:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\offreg.dll
2012-06-15 07:15:02 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\mpengine.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 03:42:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-14 09:15:12 -------- d-----w- C:\Users\User\AppData\Local\Secunia PSI
2012-06-14 09:15:00 -------- d-----w- C:\Program Files (x86)\Secunia
2012-06-14 07:39:15 -------- d-----w- C:\Program Files\WOT
2012-06-14 07:39:15 -------- d-----w- C:\Program Files (x86)\WOT
2012-06-14 07:35:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 07:35:45 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-13 15:27:42 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-13 15:03:44 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-13 15:01:31 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-13 14:54:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:54:24 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 14:54:24 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 14:54:08 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 14:54:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 14:54:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 14:54:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:53:59 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 14:53:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 14:53:55 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 14:53:50 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 14:53:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 14:53:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 14:53:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 14:53:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 14:53:40 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 14:53:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-11 19:10:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-11 19:06:31 16712 ----a-w- C:\Windows\System32\drivers\PROCEXP113.SYS
2012-06-11 05:27:41 -------- d-----w- C:\Application Data
2012-06-10 18:34:47 -------- d-----w- C:\Program Files\HitmanPro
2012-06-10 18:12:54 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-06-10 18:00:26 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-10 17:13:16 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-06-10 17:13:15 -------- d-----w- C:\Program Files\Prevx
2012-06-10 17:12:27 237072 ------w- C:\Windows\SysWow64\MpSigStub.exe
2012-06-10 17:12:16 -------- d-----w- C:\ProgramData\PrevxCSI
2012-06-08 11:05:54 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-08 11:05:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-08 11:05:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-08 11:05:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 11:03:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 10:48:05 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-08 10:20:01 -------- d-----w- C:\ProgramData\B7E858A7000083BB00006F7BB4EB2331
2012-06-05 03:06:22 -------- d-----w- C:\Users\User\AppData\Roaming\MyPublisher
2012-06-05 03:06:22 -------- d-----w- C:\Program Files (x86)\MyPublisher
2012-06-01 09:12:29 -------- d-----w- C:\Program Files (x86)\Timios
2012-06-01 04:32:28 -------- d-----w- C:\Users\User\.RationalPlan
2012-05-25 03:14:14 -------- d-----w- C:\ProgramData\AMD
2012-05-25 03:14:13 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-05-25 03:14:05 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-25 03:06:47 -------- d-----w- C:\AMD
2012-05-21 07:47:50 -------- d-----w- C:\ProgramData\Licenses
2012-05-21 07:47:49 -------- d-----w- C:\Program Files\Classic Menu for Office 2010
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 09:51:46 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-18 12:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 12:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 14:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 14:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 14:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 14:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 14:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 14:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 14:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-05 14:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-04-05 14:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-27 09:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-21 07:55:16 2886656 ----a-w- C:\Windows\System32\RCoRes64.dat
.
============= FINISH: 13:49:12.95 ===============

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/08/2011 11:06:05
System Uptime: 18/06/2012 15:32:26 (22 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 956.765 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 931 GiB total, 806.823 GiB free.
G: is FIXED (NTFS) - 298 GiB total, 170.36 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5
Service: RTL8167
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Digital Editions
Adobe Story
Adobe Widget Browser
Aiseesoft iPad 2 to Computer Transfer Ultimate 6.1.26
Aiseesoft iPad Converter Suite
Apple Application Support
Apple Software Update
AVI Splitter
Backup and Migration
BookCAT
CA PC Tune-Up 3.0.0.2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DNAMigrator
Dropbox
EndNote 9.0.1 Volume License Edition
EndNote X3
ESET Online Scanner v3
Google Book Downloader
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GooReader
HandBrake 0.9.5
Intel(R) Management Engine Components
Intel(R) Processor ID Utility
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 91xx console driver
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Scan
Parental Controls
PDF Settings CS5
PxMergeModule
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
ResearchSoft Direct Export Helper
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Super Flexible File Synchronizer 5.56a
Sweet Home 3D version 3.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
15/06/2012 23:55:45, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
15/06/2012 23:55:45, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
15/06/2012 23:55:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
15/06/2012 19:51:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
15/06/2012 11:56:13, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
14/06/2012 20:03:58, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
14/06/2012 18:29:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user NORTH\User SID (S-1-5-21-2889345744-3964579421-1802933252-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/06/2012 18:29:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user NORTH\User SID (S-1-5-21-2889345744-3964579421-1802933252-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/06/2012 15:17:13, Error: Service Control Manager [7034] - The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).
13/06/2012 22:36:39, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/06/2012 02:58:02, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
12/06/2012 02:55:59, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/06/2012 02:54:29, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/06/2012 02:48:49, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s).
12/06/2012 02:37:24, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:37:24, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:32:19, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/06/2012 02:32:19, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
12/06/2012 02:25:15, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/06/2012 02:25:14, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/06/2012 02:25:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/06/2012 02:17:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
12/06/2012 02:12:06, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
12/06/2012 02:12:06, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/06/2012 02:12:06, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/06/2012 02:12:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
12/06/2012 02:10:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
12/06/2012 02:09:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
12/06/2012 01:52:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/06/2012 01:52:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/06/2012 01:49:38, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/06/2012 01:48:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/06/2012 01:48:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/06/2012 01:48:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/06/2012 01:48:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/06/2012 01:48:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent KmxCfg KmxFile KmxFilter KmxFw spldr vpcvmm Wanarpv6
12/06/2012 01:48:21, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
 
What are the current issues?

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Will go and do this now.
Issues: Antivirus pro 2006; WinSpyProtect; Bifrost were all being detected by Total Defense....
It took ages to remove Total Defense before using the app remover....over 12 hours, so it might take me a while to get back on this post. :(
Will need some advice as to how to reinstall Total Defense if you can give it.....:confused:
Thank you for all your help, Broni...it is really great.... DL
 
Whoops! had a blue screen of death during uninstall but have rebooted and uninstall of ca has completed. will post combofix logs etc as soon as done.
 
here is the ComboFix log
- DL

ComboFix 12-06-19.03 - User 20/06/2012 14:22:35.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.4818 [GMT 8:00]
Running from: c:\users\User\Desktop\broni-north\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 06:25 . 2012-06-20 06:25 -------- d-----w- c:\users\User\AppData\Local\temp
2012-06-20 06:25 . 2012-06-20 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 14:10 . 2012-06-18 14:10 -------- d-----w- c:\users\Public\EmailTransfer
2012-06-15 07:15 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6E08CF5-BA72-4CFE-A7AD-28286F374FEC}\mpengine.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-15 03:42 . 2012-06-15 03:42 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-14 12:07 . 2012-06-14 12:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\program files (x86)\Secunia
2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files\WOT
2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files (x86)\WOT
2012-06-14 07:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 07:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\program files (x86)\ESET
2012-06-13 15:04 . 2012-06-13 15:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-13 15:03 . 2012-06-13 15:03 -------- d-----w- c:\program files (x86)\Oracle
2012-06-13 15:01 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-13 14:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 14:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 14:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 14:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 14:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 14:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:53 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:53 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 14:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:53 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 14:53 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 14:53 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 05:27 . 2012-06-11 05:27 -------- d-----w- C:\Application Data
2012-06-10 18:34 . 2012-06-10 18:43 -------- d-----w- c:\program files\HitmanPro
2012-06-10 18:12 . 2012-06-10 18:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-10 18:00 . 2012-06-12 07:21 -------- d-----w- c:\programdata\HitmanPro
2012-06-10 17:13 . 2012-06-10 17:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-10 17:13 . 2012-06-10 17:13 -------- d-----w- c:\program files\Prevx
2012-06-10 17:12 . 2012-02-23 02:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-06-10 17:12 . 2012-06-11 09:32 -------- d-----w- c:\programdata\PrevxCSI
2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-06-08 11:05 . 2012-06-20 05:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 11:03 . 2012-06-11 09:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 10:48 . 2012-06-08 10:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-08 10:20 . 2012-06-08 10:26 -------- d-----w- c:\programdata\B7E858A7000083BB00006F7BB4EB2331
2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\users\User\AppData\Roaming\MyPublisher
2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\program files (x86)\MyPublisher
2012-06-01 04:32 . 2012-06-01 07:12 -------- d-----w- c:\users\User\.RationalPlan
2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\programdata\ATI
2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\programdata\AMD
2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-25 03:14 . 2012-05-25 03:14 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-25 03:06 . 2012-05-25 03:06 -------- d-----w- C:\AMD
2012-05-21 07:47 . 2012-05-21 07:47 -------- d-----w- c:\programdata\Licenses
2012-05-21 07:47 . 2012-05-21 07:47 -------- d-----w- c:\program files\Classic Menu for Office 2010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:51 . 2012-04-14 03:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:29 . 2011-09-14 12:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-12-23 14:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-12-23 14:21 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-08-05 06:37 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-12-23 14:21 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-12-23 14:21 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-04-05 13:20 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-12-23 14:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-04-19 17:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-23 14:21 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 14:34 . 2012-04-05 14:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 14:34 . 2012-04-05 14:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 14:34 . 2012-04-05 14:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 14:33 . 2012-04-05 14:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 14:33 . 2012-04-05 14:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 14:33 . 2012-04-05 14:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 14:32 . 2012-04-05 14:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 14:32 . 2012-04-05 14:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 14:32 . 2012-04-05 14:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-30 11:35 . 2012-05-10 09:53 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ExtremeVSSService;Extreme VSS Service;c:\program files (x86)\SuperFlexible\ExtremeVSS.exe [2011-09-20 3196800]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-06-10 107848]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 10.1.1.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-OfficeSyncProcess - c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
Notify-PFW - (no file)
AddRemove-dm - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-pc - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-{1367D815-EC9F-4e2f-9FB9-E40A075AD19B} - c:\program files\CA\CA Internet Security Suite\caunst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-20 14:26:51
ComboFix-quarantined-files.txt 2012-06-20 06:26
.
Pre-Run: 1,027,275,403,264 bytes free
Post-Run: 1,027,853,578,240 bytes free
.
- - End Of File - - 3F0755EBA87DC862AF755A76ED37CABE
 
Why do you want remove it?

Issues: Antivirus pro 2006; WinSpyProtect; Bifrost were all being detected by Total Defense....
What files and what location are we talking about as I don't see anything malicious?
 
Sorry, Broni, I thought you wanted to know what the original issues were....

I'll go and see if I can find the targets under CA and let you know... just in case


I don't want to remove XP, although I don't use it much, but thought that it might be the source of infection as it doesn't have its own antivirus and was being used for web browsing :confused: ....
 
Broni, CA seems to have disappeared ! I have checked it and is not installed but gives me an error message if I try to reinstall. The machine network map says it is connected to the internet but neither iexplorer nor firefox will open. Seems to be the same problem as the other machine, so I did an FSS log, see attached. Hope that's okay...DL :( Hope we can solve this soon, very frustrating!!

FSS log
Farbar Service Scanner Version: 19-06-2012 01
Ran by User (administrator) on 23-06-2012 at 14:13:58
Running from "F:\broni-fmbaby"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
At this point...

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
Broni, may I reopen this? The computer is now connected to the internet but when I did the combofix and RDKill as advised previously it came up with the blue screen of death showing KmxAMRT.sys as an imageable instead of a non-imageable ... whatever that means. The RDkill didn't give me a log but I did get one from the ComboFix which I will post below; understand if this needs to be a new thread.... thanks, DL.

Combofix log
ComboFix 12-06-26.02 - User 27/06/2012 19:12:46.7.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6121.5368 [GMT 8:00]
Running from: c:\users\User\Desktop\broni-north\fm.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 11:17 . 2012-06-27 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 11:06 . 2012-06-27 11:09 -------- d-----w- C:\1c2b833cec5329050a01e056cb
2012-06-27 11:02 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 10:51 . 2012-06-27 10:54 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2012-06-27 10:44 . 2012-06-27 11:17 -------- d-----w- c:\users\User\AppData\Local\temp
2012-06-27 06:01 . 2012-06-27 06:01 2524176 ----a-w- c:\windows\system32\winsflt.dll
2012-06-27 06:01 . 2012-06-27 06:01 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll
2012-06-27 06:01 . 2011-06-29 06:23 289296 ----a-w- c:\windows\SysWow64\winsfinst_x64.exe
2012-06-27 05:46 . 2012-06-27 05:46 -------- d-----w- c:\program files\Total Defense
2012-06-24 06:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 06:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 06:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 06:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 06:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 06:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 06:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 06:02 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 06:02 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 06:12 . 2012-06-23 06:12 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2012-06-23 06:12 . 2012-06-23 06:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-23 06:10 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{102A868C-8AC1-42E9-A013-D6985BFD5558}\mpengine.dll
2012-06-18 14:10 . 2012-06-18 14:10 -------- d-----w- c:\users\Public\EmailTransfer
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 03:42 . 2012-06-15 03:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-15 03:42 . 2012-06-15 03:42 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-14 12:07 . 2012-06-14 12:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2012-06-14 09:15 . 2012-06-14 09:15 -------- d-----w- c:\program files (x86)\Secunia
2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files\WOT
2012-06-14 07:39 . 2012-06-14 07:39 -------- d-----w- c:\program files (x86)\WOT
2012-06-14 07:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 07:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\program files (x86)\ESET
2012-06-13 15:04 . 2012-06-13 15:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-13 15:03 . 2012-06-13 15:03 -------- d-----w- c:\program files (x86)\Oracle
2012-06-13 15:01 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-13 14:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 14:54 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 14:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 14:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:53 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 14:53 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 14:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:53 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:53 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 14:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:53 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 14:53 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 14:53 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 05:27 . 2012-06-11 05:27 -------- d-----w- C:\Application Data
2012-06-10 18:34 . 2012-06-23 06:10 -------- d-----w- c:\program files\HitmanPro
2012-06-10 18:12 . 2012-06-10 18:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-10 18:00 . 2012-06-12 07:21 -------- d-----w- c:\programdata\HitmanPro
2012-06-10 17:13 . 2012-06-10 17:13 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-10 17:13 . 2012-06-10 17:13 -------- d-----w- c:\program files\Prevx
2012-06-10 17:12 . 2012-02-23 02:18 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-06-10 17:12 . 2012-06-11 09:32 -------- d-----w- c:\programdata\PrevxCSI
2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-06-08 11:05 . 2012-06-27 11:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-08 11:05 . 2012-06-08 11:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 11:03 . 2012-06-11 09:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 10:48 . 2012-06-08 10:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-08 10:20 . 2012-06-08 10:26 -------- d-----w- c:\programdata\B7E858A7000083BB00006F7BB4EB2331
2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\users\User\AppData\Roaming\MyPublisher
2012-06-05 03:06 . 2012-06-05 03:06 -------- d-----w- c:\program files (x86)\MyPublisher
2012-06-01 04:32 . 2012-06-01 07:12 -------- d-----w- c:\users\User\.RationalPlan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:51 . 2012-04-14 03:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:29 . 2011-09-14 12:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-12-23 14:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-12-23 14:21 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-08-05 06:37 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-12-23 14:21 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-12-23 14:21 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-04-05 13:20 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-12-23 14:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-04-19 17:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-23 14:21 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 14:34 . 2012-04-05 14:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 14:34 . 2012-04-05 14:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 14:34 . 2012-04-05 14:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 14:33 . 2012-04-05 14:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 14:33 . 2012-04-05 14:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 14:33 . 2012-04-05 14:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 14:32 . 2012-04-05 14:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 14:32 . 2012-04-05 14:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 14:32 . 2012-04-05 14:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-30 11:35 . 2012-05-10 09:53 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-27_10.26.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-27 10:16 . 2012-06-27 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 11:01 . 2012-06-27 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 11:01 . 2012-06-27 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 10:16 . 2012-06-27 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-27 11:05 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 11:05 107382 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:27 . 2012-02-23 02:18 279656 c:\windows\system32\MpSigStub.exe
- 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-01-04 06:04 2364496 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2011-09-06 143824]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2011-09-06 87120]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2012-06-13 288336]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
R2 ExtremeVSSService;Extreme VSS Service;c:\program files (x86)\SuperFlexible\ExtremeVSS.exe [2011-09-20 3196800]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-06-26 108392]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2011-09-06 201936]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2011-09-06 81488]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-01-04 06:05 2500688 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2008-09-04 406944]
"cctray"="c:\program files\Total Defense\Internet Security Suite\casc.exe" [2012-06-13 2710608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Qurb {EBA5BE5C}"="" [BU]
"ccube_Uninstall_Lock"="c:\programdata\CA\cacu_001.exe" [2012-06-13 2578512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 10.1.1.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ic0x622m.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-27 19:19:09
ComboFix-quarantined-files.txt 2012-06-27 11:19
ComboFix2.txt 2012-06-27 10:44
ComboFix3.txt 2012-06-27 10:27
ComboFix4.txt 2012-06-24 06:13
ComboFix5.txt 2012-06-27 11:12
.
Pre-Run: 1,007,441,186,816 bytes free
Post-Run: 1,007,133,855,744 bytes free
.
- - End Of File - - 3B75A9BB57DCD61CA608191F09512065
 
Yay! - that is a relief I am so GLAD !! Thank you :) ... why is it coming up with the blue screen of death at startup? KmxART.sys. I have searched for this file but there is nothing on the machine. The only change was to retry and reinstall CA so I have tried to uninstall it with no success. Any thoughts on why the blue screen?
 
That file seems to be a part of some CA product.
I can see CA PC Tune-Up 3.0.0.2 installed.


Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

p4436801.gif


Attach the file to your next reply.
 
Okay, got it to run in safe mode. Here it is. BTW, the machine says it will connect to the internet...I can see google and search but if I try anything else it just says an error, eg MalwareBytes update says (0,0,Net exception). Don't know if its important but I am unable to get any antivirus on the machine, so am a bit nervous about our friendly virus friends attacking again.....
 

Attachments

  • AutoRuns.txt
    73.2 KB · Views: 1
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Okay, here it is..... BTW, would running farbar be a good idea on the other machine that won't connect to the internet... the one that says 'failed to connect to systems event manager' 'the dependency group failed to start' 'windows could not automatically detect this networks proxy setting'??? okay, so I am probably pushing a friendship here .....:)






Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 02-07-2012 19:14:22
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6468712 2012-03-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT [1158248 2012-03-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT [1158248 2012-03-08] (Realtek Semiconductor)
HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-09-04] (CANON INC.)
HKLM\...\Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe" [2710608 2012-06-13] (Total Defense, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\User\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2008-09-04] (CANON INC.)
HKLM\...\Runonce: [Qurb {EBA5BE5C}] [x]
HKLM\...\RunOnce: [ccube_Uninstall_Lock] "C:\ProgramData\CA\cacu_001.exe" /cleanup /RunOnce [2578512 2012-06-13] (Total Defense, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-03] (Malwarebytes Corporation)
Winlogon\Notify\PFW:
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
AppInit_DLLs: C:\Windows\System32\UmxSbxExA64.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Services (Whitelisted) ======
3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
3 CaCCProvSP; "C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe" [365136 2012-06-13] (Total Defense, Inc.)
2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288336 2012-06-13] (Total Defense, Inc.)
2 DTSAudioService; "C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe" [210024 2011-05-30] (DTS)
2 ExtremeVSSService; C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe [3196800 2011-09-20] (Super Flexible Software Ltd. & Co. KG)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-06-26] (SurfRight B.V.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 UmxEngine; "C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe" [920656 2011-04-03] (CA)
3 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [263504 2011-07-01] ()
2 PCPitstop Scheduling; C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [x]
========================== Drivers (Whitelisted) =============
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [38248 2010-10-26] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-26] (Windows (R) Win 7 DDK provider)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [301680 2010-10-26] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [31080 2010-10-26] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [203624 2010-10-26] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [58992 2010-10-26] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [156520 2010-10-26] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-26] (Atheros)
3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2009-02-13] (Conexant Systems, Inc.)
0 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [182352 2011-10-27] (Total Defense)
2 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [201936 2011-09-06] (CA)
1 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [87120 2011-09-06] (CA)
0 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [143824 2011-09-06] (CA)
2 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [81488 2011-09-06] (CA)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [297000 2010-08-27] (Marvell Semiconductor, Inc.)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-27 03:19 - 2012-06-27 03:19 - 00027639 ____A C:\ComboFix.txt
2012-06-27 03:02 - 2012-07-01 02:11 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-27 03:02 - 2012-04-03 23:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 02:51 - 2012-06-27 02:54 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2012
2012-06-26 22:01 - 2012-06-26 22:01 - 02524176 ____A () C:\Windows\System32\winsflt.dll
2012-06-26 22:01 - 2012-06-26 22:01 - 01744912 ____A () C:\Windows\SysWOW64\winsflt.dll
2012-06-26 22:01 - 2011-06-28 22:23 - 00289296 ____A C:\Windows\SysWOW64\winsfinst_x64.exe
2012-06-26 21:46 - 2012-06-26 21:46 - 00000000 ____D C:\Program Files\Total Defense
2012-06-26 21:38 - 2012-06-26 21:45 - 180769088 ____A (Total Defense, Inc.) C:\Users\User\Downloads\issdm_td_en.exe
2012-06-26 21:19 - 2012-06-26 21:25 - 156720112 ____A (CA, inc) C:\Users\User\Desktop\issdm_ca_en2.exe
2012-06-23 23:32 - 2012-06-23 23:07 - 02322184 ____A (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2012-06-23 22:03 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 22:03 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 22:03 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 22:03 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 22:02 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 22:02 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 22:02 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 22:02 - 2012-06-01 23:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 22:02 - 2012-06-01 23:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 23:16 - 2012-06-22 23:17 - 00001136 ____A C:\Users\User\Desktop\Super Flexible File Synchronizer.lnk
2012-06-22 22:12 - 2012-06-22 22:12 - 00001139 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 22:12 - 2012-06-22 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-19 22:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-19 22:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-19 22:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-19 22:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-19 22:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-19 22:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-19 22:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-19 22:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-19 21:33 - 2012-06-19 21:16 - 10142944 ____A (OPSWAT, Inc.) C:\Users\User\Desktop\AppRemover.exe
2012-06-19 21:06 - 2012-06-27 03:19 - 00000000 ____D C:\Qoobox
2012-06-19 21:05 - 2012-06-27 03:09 - 00000000 ____D C:\Users\User\Desktop\broni-north
2012-06-18 19:04 - 2012-06-18 19:04 - 00302592 ____A C:\Users\User\Desktop\gcp548hq.exe.3nwfd2c.partial
2012-06-18 18:42 - 2012-06-18 22:02 - 00000000 ____D C:\Users\User\Desktop\northlog
2012-06-18 06:10 - 2012-06-18 06:10 - 00000000 ____D C:\Users\Public\EmailTransfer
2012-06-15 05:11 - 2012-03-27 03:16 - 00272629 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-06-15 05:11 - 2012-03-27 01:03 - 04015592 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-06-15 05:11 - 2012-03-20 23:55 - 02886656 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-06-15 05:11 - 2012-03-19 18:47 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-06-15 05:11 - 2012-03-19 03:01 - 00102504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-06-15 05:11 - 2012-03-16 00:25 - 02670696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-06-15 05:11 - 2012-03-12 19:21 - 01251432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-06-15 05:11 - 2012-03-07 19:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-06-15 05:11 - 2012-03-07 19:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-06-15 05:11 - 2012-03-06 19:09 - 00824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-06-15 05:11 - 2012-02-21 03:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-06-15 05:11 - 2012-02-20 22:26 - 02528832 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-06-15 05:11 - 2012-02-16 23:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2012-06-15 05:11 - 2012-02-13 08:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2012-06-15 05:11 - 2012-02-13 06:35 - 00978776 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-06-15 05:11 - 2012-01-29 19:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2012-06-15 05:11 - 2012-01-23 06:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2012-06-15 05:11 - 2012-01-23 06:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2012-06-15 05:11 - 2012-01-23 06:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2012-06-15 05:11 - 2012-01-09 18:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2012-06-15 05:11 - 2011-12-19 23:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-06-15 05:11 - 2011-12-19 13:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2012-06-15 05:11 - 2011-12-18 01:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-06-15 05:11 - 2011-12-18 01:58 - 01247576 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-06-15 05:11 - 2011-12-14 21:16 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2012-06-15 05:11 - 2011-12-14 21:16 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2012-06-15 05:11 - 2011-12-14 21:16 - 00137056 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2012-06-15 05:11 - 2011-12-14 21:16 - 00120160 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2012-06-15 05:11 - 2011-12-14 21:16 - 00075104 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2012-06-14 19:42 - 2012-06-26 21:17 - 00000992 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 19:42 - 2012-06-14 19:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-14 01:42 - 2012-06-14 01:42 - 00022016 ____A C:\Users\User\Downloads\TRS - 24 04 12 - 26 04 12.xls
2012-06-14 01:15 - 2012-06-14 01:15 - 00000000 ____D C:\Users\User\AppData\Local\Secunia PSI
2012-06-14 01:15 - 2012-06-14 01:15 - 00000000 ____D C:\Program Files (x86)\Secunia
2012-06-13 23:39 - 2012-06-13 23:39 - 00000000 ____D C:\Program Files\WOT
2012-06-13 23:39 - 2012-06-13 23:39 - 00000000 ____D C:\Program Files (x86)\WOT
2012-06-13 23:35 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 23:35 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 18:37 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 18:37 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 18:37 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 18:37 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 18:37 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 18:37 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 18:37 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 18:37 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 18:37 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 18:37 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 18:37 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 18:37 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 18:37 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 18:37 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 18:37 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 18:37 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 18:37 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 18:37 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 18:37 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 18:37 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 18:37 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 18:37 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 18:37 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 18:37 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 18:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 18:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 18:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 18:37 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 07:27 - 2012-06-13 07:27 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-13 07:20 - 2012-06-14 04:01 - 00446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2012-06-13 07:08 - 2012-06-13 07:08 - 00000000 ____D C:\Users\User\Desktop\JavaRa-1.16-16-12-11
2012-06-13 07:08 - 2012-06-13 06:59 - 00160639 ____A C:\Users\User\Desktop\JavaRa-1.16-16-12-11.zip
2012-06-13 07:03 - 2012-06-13 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-13 07:01 - 2012-05-04 03:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-13 07:01 - 2012-05-04 03:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-13 06:54 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 06:54 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 06:54 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 06:54 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 06:54 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 06:54 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 06:54 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 06:53 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 06:53 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 06:53 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 06:53 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 06:53 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 06:53 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 06:53 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 06:53 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 06:53 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 06:53 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 10:40 - 2012-06-27 02:36 - 00000000 ____D C:\Windows\ERDNT
2012-06-10 19:42 - 2012-06-11 01:43 - 04731392 ____A (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
2012-06-10 19:41 - 2012-06-10 19:41 - 00008070 ____A C:\Users\User\Desktop\bookkit.txt
2012-06-10 19:36 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip
2012-06-10 19:34 - 2012-06-10 19:34 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.02iy8t2.partial
2012-06-10 19:33 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Downloads\bootkit_remover.zip
2012-06-10 19:32 - 2012-06-10 19:32 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.xv05p77.partial
2012-06-10 18:34 - 2012-06-10 18:37 - 00000000 ____D C:\Users\User\Desktop\CA probelms
2012-06-10 10:34 - 2012-06-22 22:10 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-10 10:34 - 2012-06-10 10:34 - 00001902 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-06-10 10:12 - 2012-06-10 10:12 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-06-10 10:00 - 2012-06-11 23:21 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-10 09:13 - 2012-06-10 09:13 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-06-10 09:13 - 2012-06-10 09:13 - 00000000 ____D C:\Program Files\Prevx
2012-06-10 09:12 - 2012-06-11 01:32 - 00000000 ____D C:\Users\All Users\PrevxCSI
2012-06-10 09:12 - 2012-06-10 09:13 - 00000049 ____A C:\Windows\wininit.ini
2012-06-10 09:12 - 2012-02-22 18:18 - 00237072 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MpSigStub.exe
2012-06-10 08:43 - 2012-06-27 03:09 - 00002243 ____A C:\Windows\epplauncher.mif
2012-06-08 03:05 - 2012-07-01 02:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-08 03:03 - 2012-06-11 01:23 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-08 03:02 - 2012-06-26 03:57 - 00749796 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-08 02:48 - 2012-06-08 02:48 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-08 02:20 - 2012-06-08 02:26 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB00006F7BB4EB2331
2012-06-04 19:07 - 2012-06-04 19:07 - 00001286 ____A C:\Users\User\Desktop\MyPublisher.lnk
2012-06-04 19:06 - 2012-06-04 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\MyPublisher
2012-06-04 19:06 - 2012-06-04 19:06 - 00000000 ____D C:\Program Files (x86)\MyPublisher

============ 3 Months Modified Files ========================
2012-07-01 02:11 - 2012-06-27 03:02 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-30 18:47 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-30 18:43 - 2010-11-20 19:47 - 00156966 ____A C:\Windows\PFRO.log
2012-06-27 03:19 - 2012-06-27 03:19 - 00027639 ____A C:\ComboFix.txt
2012-06-27 03:17 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-27 03:09 - 2012-06-10 08:43 - 00002243 ____A C:\Windows\epplauncher.mif
2012-06-27 03:05 - 2011-08-04 19:07 - 02024441 ____A C:\Windows\WindowsUpdate.log
2012-06-27 02:37 - 2009-07-13 18:34 - 75497472 ____A C:\Windows\System32\config\software.bak
2012-06-27 02:37 - 2009-07-13 18:34 - 21495808 ____A C:\Windows\System32\config\system.bak
2012-06-27 02:37 - 2009-07-13 18:34 - 01048576 ____A C:\Windows\System32\config\default.bak
2012-06-27 02:37 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-06-27 02:37 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-06-26 22:01 - 2012-06-26 22:01 - 02524176 ____A () C:\Windows\System32\winsflt.dll
2012-06-26 22:01 - 2012-06-26 22:01 - 01744912 ____A () C:\Windows\SysWOW64\winsflt.dll
2012-06-26 22:01 - 2011-08-17 06:14 - 00015261 ____A C:\Windows\System32\FDInstall.log
2012-06-26 21:55 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 21:55 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 21:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 21:48 - 2009-07-13 20:51 - 00053761 ____A C:\Windows\setupact.log
2012-06-26 21:45 - 2012-06-26 21:38 - 180769088 ____A (Total Defense, Inc.) C:\Users\User\Downloads\issdm_td_en.exe
2012-06-26 21:25 - 2012-06-26 21:19 - 156720112 ____A (CA, inc) C:\Users\User\Desktop\issdm_ca_en2.exe
2012-06-26 21:17 - 2012-06-14 19:42 - 00000992 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-26 03:57 - 2012-06-08 03:02 - 00749796 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-23 23:07 - 2012-06-23 23:32 - 02322184 ____A (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2012-06-22 23:17 - 2012-06-22 23:16 - 00001136 ____A C:\Users\User\Desktop\Super Flexible File Synchronizer.lnk
2012-06-22 22:12 - 2012-06-22 22:12 - 00001139 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-20 03:00 - 2011-08-17 04:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-19 21:16 - 2012-06-19 21:33 - 10142944 ____A (OPSWAT, Inc.) C:\Users\User\Desktop\AppRemover.exe
2012-06-19 06:25 - 2011-08-22 05:54 - 02813473 ____A C:\Windows\System32\Drivers\kmxcfg.u2k0
2012-06-19 06:25 - 2011-08-22 05:54 - 00000341 ____A C:\Windows\System32\Drivers\kmxzone.u2k0
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k7
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k6
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k5
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k4
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k3
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k2
2012-06-19 06:25 - 2011-08-22 05:54 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k1
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k7
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k6
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k5
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k3
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k2
2012-06-19 06:25 - 2011-08-22 05:54 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k1
2012-06-19 06:25 - 2011-08-18 23:26 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k4
2012-06-19 06:25 - 2011-08-17 06:26 - 00754164 ____A C:\Windows\System32\Drivers\KmxAgent.asc
2012-06-18 19:04 - 2012-06-18 19:04 - 00302592 ____A C:\Users\User\Desktop\gcp548hq.exe.3nwfd2c.partial
2012-06-15 05:11 - 2011-09-04 22:57 - 00004770 ____A C:\Windows\DPINST.LOG
2012-06-14 04:07 - 2011-09-30 02:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 04:01 - 2012-06-13 07:20 - 00446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2012-06-14 01:42 - 2012-06-14 01:42 - 00022016 ____A C:\Users\User\Downloads\TRS - 24 04 12 - 26 04 12.xls
2012-06-13 23:10 - 2009-07-13 20:45 - 04969504 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 07:01 - 2012-02-10 01:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-13 07:01 - 2012-02-10 01:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-13 06:59 - 2012-06-13 07:08 - 00160639 ____A C:\Users\User\Desktop\JavaRa-1.16-16-12-11.zip
2012-06-11 10:37 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 01:43 - 2012-06-10 19:42 - 04731392 ____A (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
2012-06-10 19:41 - 2012-06-10 19:41 - 00008070 ____A C:\Users\User\Desktop\bookkit.txt
2012-06-10 19:34 - 2012-06-10 19:34 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.02iy8t2.partial
2012-06-10 19:33 - 2012-06-10 19:36 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip
2012-06-10 19:33 - 2012-06-10 19:33 - 00044607 ____A C:\Users\User\Downloads\bootkit_remover.zip
2012-06-10 19:32 - 2012-06-10 19:32 - 00044607 ____A C:\Users\User\Desktop\bootkit_remover.zip.xv05p77.partial
2012-06-10 10:34 - 2012-06-10 10:34 - 00001902 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-06-10 10:12 - 2012-06-10 10:12 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-06-10 09:13 - 2012-06-10 09:13 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-06-10 09:13 - 2012-06-10 09:12 - 00000049 ____A C:\Windows\wininit.ini
2012-06-04 19:07 - 2012-06-04 19:07 - 00001286 ____A C:\Users\User\Desktop\MyPublisher.lnk
2012-06-03 21:50 - 2011-08-22 06:55 - 00001015 ____A C:\Users\User\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-23 22:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 22:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 22:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 22:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 22:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 22:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 22:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 23:19 - 2012-06-23 22:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:15 - 2012-06-23 22:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 01:08 - 2012-06-01 01:08 - 18651832 ____A (Experience In Software ) C:\Users\User\Downloads\PKS4Setup.exe
2012-05-21 07:06 - 2011-08-15 22:16 - 00109800 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-17 18:47 - 2012-06-13 18:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 18:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 18:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 18:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 18:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 18:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 18:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 18:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 18:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 18:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 18:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 18:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 18:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 18:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 18:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 18:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 18:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 18:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 18:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 18:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 18:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 18:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 18:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 18:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 18:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 18:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 18:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 18:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 18:50 - 2012-05-16 18:50 - 00001276 ____A C:\Users\User\Desktop\aaaREPORT Literature - Shortcut.lnk
2012-05-14 17:32 - 2012-06-13 06:53 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-05 02:39 - 2012-05-05 02:39 - 00013824 ____A C:\Users\Public\AmercianExpree.xls
2012-05-05 01:51 - 2012-04-13 19:35 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:29 - 2012-06-13 07:01 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 03:29 - 2012-06-13 07:01 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 03:29 - 2011-09-14 04:05 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-13 06:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 23:35 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 06:54 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 06:54 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 23:35 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-13 06:54 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 06:53 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 06:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 06:54 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 06:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 06:53 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 06:53 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 06:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 06:53 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 06:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 06:53 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 20:20 - 2011-09-18 06:32 - 00231424 __ASH C:\Users\User\Documents\Thumbs.db
2012-04-18 04:56 - 2012-04-18 04:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 04:56 - 2012-04-18 04:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 20:43 - 2012-04-17 20:43 - 00001364 ____A C:\Users\User\Documents\Bibliography UWA+research files - Shortcut.lnk
2012-04-16 01:53 - 2011-08-22 06:22 - 00002031 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-04-14 21:22 - 2012-04-14 21:22 - 00001276 ____A C:\Users\User\Documents\REPORT Literature - Shortcut.lnk
2012-04-11 02:09 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2012-04-07 04:31 - 2012-06-13 06:53 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 06:53 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2011-12-23 06:21 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2012-04-05 18:20 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2011-12-23 06:21 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2011-08-04 22:37 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2012-04-05 17:54 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2011-12-23 06:21 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2011-12-23 06:21 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2011-12-23 06:21 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2011-12-23 06:21 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2011-04-19 09:21 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2011-04-05 05:20 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 06:34 - 2012-04-05 06:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 06:34 - 2012-04-05 06:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 06:34 - 2012-04-05 06:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 06:33 - 2012-04-05 06:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 06:33 - 2012-04-05 06:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 06:33 - 2012-04-05 06:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 06:32 - 2012-04-05 06:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 06:32 - 2012-04-05 06:32 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-05 06:32 - 2012-04-05 06:32 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
ZeroAccess:
C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}
C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}\L
C:\Users\User\AppData\Local\{e6128d5b-2e23-ec19-2331-6b5dd6497188}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 6120.84 MB
Available physical RAM: 5381.05 MB
Total Pagefile: 6119.04 MB
Available Pagefile: 5366.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (NORTH) (Fixed) (Total:1863.02 GB) (Free:937.95 GB) NTFS
2 Drive e: (NORTH_E_NHP+DPC_Asstd) (Fixed) (Total:931.41 GB) (Free:795.05 GB) NTFS
4 Drive g: (REDBOW_4GB) (Removable) (Total:3.73 GB) (Free:2.06 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 1863 GB 0 B
Disk 2 Online 3828 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NORTH_E_NHP NTFS Partition 931 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NORTH NTFS Partition 1863 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 4032 KB
==================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G REDBOW_4GB FAT32 Removable 3824 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-18 11:00
======================= End Of Log ==========================
 
would running farbar be a good idea on the other machine that won't connect to the internet... the one that says 'failed to connect to systems event manager' 'the dependency group failed to start' 'windows could not automatically detect this networks proxy setting'???
Farbar tool is not designed for fixing internet connection.
Also, one computer per topic.

I don't see KmxART.sys being present but I definitely see some items from CA Total Defense.

Try Revo uninstaller to uninstall it and then reinstall.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program you want to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.
 
Broni, yep, thought you might say that about Farbar.... thanks for being so courteous about the request. I suppose I should try that in the Windows forum??

Re the Revo can I run this from safe mode?
 
Well, previously I could only start that machine in safe mode because the .sys file kept coming up on the blue screen of death. I guess I'm a bit nervous about it.... if you think its okay, I'll go ahead with a normal start after you let me know if it is okay.....
 
Back