Tech Support Guy forums, Virus & Other Malware Removal

Solved: trojan dropper.generic c.MMI removal complete ?


Ktarl (thread starter), Member with 15 posts
Join Date: Jul 2012
Experience: Intermediate
06-Jul-2012, 06:06 PM #1
Heya,

Yesterday my AVG found that my computer was infected with

trojan horse dropper.generic c.MMI in my services.exe

AVG could not remove it as the file was whitelisted.
After I finally managed to remove it by running in safe mode and running sfc /scannow,

I cleaned up other infections with AVG, Malwarebytes, Spybot and SUPERAntiSpyware,

which seems to have removed everything so far.
I would like to know if there are any infections left that those programs were not able to find and remove.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:53 PM, on 7/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Yuki\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2629174495-3191888799-3413499157-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2629174495-3191888799-3413499157-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12377 bytes




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Yuki at 17:03:05 on 2012-07-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.5544 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDClock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDCountdown.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Yuki\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NCsoft]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{021F648F-DFA0-4100-8F56-F95A5A4F3129} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Yuki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-10-12 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-29 2348352]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-12 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257224]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-12 30528]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-06 20:50:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{D45E8599-E474-4594-B5A5-1AE641AA0DCA}
2012-07-06 20:50:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{3F04CE78-DD69-4BDB-8819-49094F9B5B99}
2012-07-06 01:48:28 -------- d-----w- C:\Users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
2012-07-06 01:48:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-06 01:48:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-06 01:25:09 -------- d-----w- C:\Users\Yuki\AppData\Roaming\Malwarebytes
2012-07-06 01:25:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-06 01:25:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-06 01:25:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-06 00:24:41 -------- d-----w- C:\sh4ldr
2012-07-06 00:24:41 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-06 00:24:14 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 22:07:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{23C8D1B3-ACF6-4A63-91B0-817DD3BF98AA}
2012-07-05 22:07:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{C10A3BD6-EE43-48BC-833F-1E0E79091438}
2012-07-05 02:42:31 -------- d-----w- C:\Users\Yuki\AppData\Local\{E664F761-9ADF-4C9A-8D12-AC3FBC373665}
2012-07-05 02:42:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{3500D151-7267-45B7-81F6-BF311DF78836}
2012-07-04 14:42:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{E4E5C90A-E807-4CA2-80BC-39A78777719C}
2012-07-04 14:41:58 -------- d-----w- C:\Users\Yuki\AppData\Local\{46F15918-F997-4183-9979-5B8B0A77E90D}
2012-07-04 05:16:55 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-07-04 02:41:47 -------- d-----w- C:\Program Files (x86)\NT Locale Emulator Advance
2012-07-03 22:05:07 -------- d-----w- C:\Users\Yuki\AppData\Local\{A5C4A70E-0B89-4DAF-89FD-44787F643DC3}
2012-07-03 22:04:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{8A6571C2-7228-4B36-99FA-91716CB51F91}
2012-07-02 21:10:07 -------- d-----w- C:\Users\Yuki\AppData\Local\{F3F047FA-2096-4BDE-8745-FDB6286C0367}
2012-07-02 21:09:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{4740C4F0-72A2-45E3-8FAC-62158C191783}
2012-07-02 06:37:20 -------- d-----w- C:\Users\Yuki\AppData\Local\Apple Computer
2012-07-02 02:13:59 -------- d-----w- C:\Users\Yuki\AppData\Local\{96034553-BD51-463C-9F5F-33C0F36EFD95}
2012-07-02 02:13:49 -------- d-----w- C:\Users\Yuki\AppData\Local\{542A6ADA-6AA8-487A-AFD7-45CAA61484B4}
2012-07-01 14:13:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{AAF1C9CA-A639-4103-A71A-0C98FB62E29A}
2012-07-01 14:13:27 -------- d-----w- C:\Users\Yuki\AppData\Local\{66D0634F-C8F7-4AFC-B5C3-EFA2522D5D50}
2012-07-01 02:13:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{CB4E636C-545C-47A8-A8C8-86926CE47F37}
2012-07-01 02:12:53 -------- d-----w- C:\Users\Yuki\AppData\Local\{DA85BC16-171F-4212-B6D2-65FD5F59A967}
2012-06-30 14:12:41 -------- d-----w- C:\Users\Yuki\AppData\Local\{42344E89-E7BA-4012-9B69-9BDFD16F386F}
2012-06-30 14:12:30 -------- d-----w- C:\Users\Yuki\AppData\Local\{27E3E6D6-811D-441D-BB99-9ACDFAF26527}
2012-06-30 14:10:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{B1F51A89-BCAB-4BAF-A8A4-CE1D85387DCD}
2012-06-30 14:09:53 -------- d-----w- C:\Users\Yuki\AppData\Local\{8C45F611-2FD7-4C38-A5AB-0871184098F0}
2012-06-29 21:15:27 -------- d-----w- C:\Users\Yuki\AppData\Local\{A163B702-724B-43F1-86A6-95B329613593}
2012-06-29 21:15:16 -------- d-----w- C:\Users\Yuki\AppData\Local\{E49A265B-074F-482D-8785-9ADAA2553207}
2012-06-28 20:58:06 -------- d-----w- C:\Users\Yuki\AppData\Local\{BB1A7154-2D33-4105-AAB2-85460992E3AA}
2012-06-28 20:57:56 -------- d-----w- C:\Users\Yuki\AppData\Local\{6E30FF33-5CE3-4250-83FE-CA512E48E356}
2012-06-27 21:02:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{5032D4CA-DAC1-406B-B236-67CF82F19374}
2012-06-27 21:02:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{F263056F-346A-4362-9D73-2E35433B4E1B}
2012-06-26 21:26:36 -------- d-----w- C:\Users\Yuki\AppData\Local\{CEFCFADF-4705-4087-B319-42C9165EC2B0}
2012-06-26 21:26:26 -------- d-----w- C:\Users\Yuki\AppData\Local\{D9E6BC58-7882-41D0-9121-26FDA7B48EEE}
2012-06-25 21:25:51 -------- d-----w- C:\Users\Yuki\AppData\Local\{17DDB131-EEE2-4709-B34F-85F6058C40DE}
2012-06-25 21:25:41 -------- d-----w- C:\Users\Yuki\AppData\Local\{99459A75-A7E0-4912-B142-32E85F74A94E}
2012-06-25 01:31:24 -------- d-----w- C:\Users\Yuki\AppData\Local\{9682ACD8-1D61-4E70-86A2-B9783EB8118E}
2012-06-25 01:31:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{2BCF650F-DD7B-4662-A788-35C6EDA51786}
2012-06-24 13:31:02 -------- d-----w- C:\Users\Yuki\AppData\Local\{5A6C4337-8894-495B-ACC9-366F852F8DAD}
2012-06-24 13:30:51 -------- d-----w- C:\Users\Yuki\AppData\Local\{B556C93E-8F2E-4E37-9A45-96971A11952A}
2012-06-23 21:11:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{2F5B0F62-22A7-40CD-9D3C-61B081062BA1}
2012-06-23 21:11:32 -------- d-----w- C:\Users\Yuki\AppData\Local\{DE07B733-8DB7-42D0-B7C8-CC39CC32F7C4}
2012-06-23 09:11:08 -------- d-----w- C:\Users\Yuki\AppData\Local\{3AA346FC-9AF7-40D9-8811-C7B4DE572A19}
2012-06-23 09:10:58 -------- d-----w- C:\Users\Yuki\AppData\Local\{AE3DE6AE-2B2B-473C-8510-1641CF38DBDB}
2012-06-22 21:12:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 21:12:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 21:11:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 21:11:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 21:10:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{5E2B8EA6-468B-4DEB-8BC2-CD40A5BA511B}
2012-06-22 21:10:31 -------- d-----w- C:\Users\Yuki\AppData\Local\{512B01F0-9A80-4E5A-B563-FDD8F15ED6D5}
2012-06-21 16:46:52 -------- d-----w- C:\Users\Yuki\AppData\Local\{6A8057FD-E6EE-445D-89E6-BB68B7D4B870}
2012-06-21 16:46:42 -------- d-----w- C:\Users\Yuki\AppData\Local\{72F813E5-B50A-4D59-B1BD-B3CB2EFF3D19}
2012-06-21 04:20:12 -------- d-----w- C:\Users\Yuki\AppData\Local\{AE227829-CCE7-4AC8-9701-4B201A45D3C6}
2012-06-21 04:20:02 -------- d-----w- C:\Users\Yuki\AppData\Local\{75F5C01A-AA70-4ACB-B2CA-969B480B2989}
2012-06-20 16:19:50 -------- d-----w- C:\Users\Yuki\AppData\Local\{E813070C-7471-4C46-82C3-E6478EAD4A50}
2012-06-20 16:19:39 -------- d-----w- C:\Users\Yuki\AppData\Local\{EDDA0987-FA51-435D-9D54-20EDCBB1F770}
2012-06-19 22:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 16:19:22 -------- d-----w- C:\Users\Yuki\AppData\Local\{12AC39D3-C4C9-4BB0-8953-4488686D6496}
2012-06-19 16:19:12 -------- d-----w- C:\Users\Yuki\AppData\Local\{DAC4FFEF-D5B9-4ABD-94AE-2CD575CF2429}
2012-06-18 22:59:06 -------- d-----w- C:\Users\Yuki\AppData\Local\{E05BC092-9541-4936-BDFC-CFC44927FE72}
2012-06-18 02:53:28 -------- d-----w- C:\Users\Yuki\AppData\Local\{D168A399-AC26-4DB1-A511-F6C53B349B59}
2012-06-17 14:53:18 -------- d-----w- C:\Users\Yuki\AppData\Local\{A47A60B0-4A9D-4490-BA44-9EC81FC5ABF8}
2012-06-17 02:46:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{DBD5F4A6-A264-4595-B3F3-16464CF89D00}
2012-06-16 14:46:15 -------- d-----w- C:\Users\Yuki\AppData\Local\{4950500B-A6A3-41B8-AABA-337C5AA5CC14}
2012-06-16 01:53:52 -------- d-----w- C:\Users\Yuki\AppData\Local\{DDE6FBAE-3CE9-4F54-90D3-0665DF244C6B}
2012-06-15 13:53:40 -------- d-----w- C:\Users\Yuki\AppData\Local\{2E101E7F-8B2A-4470-B97F-5272F93EE674}
2012-06-14 20:50:56 -------- d-----w- C:\Users\Yuki\AppData\Local\{E1BC95D0-3165-43C0-8E02-463220D3DDAB}
2012-06-14 20:50:44 -------- d-----w- C:\Users\Yuki\AppData\Local\{13999467-562C-4927-9FB4-422EC444F79F}
2012-06-13 20:51:14 -------- d-----w- C:\Users\Yuki\AppData\Local\{7886EC3E-4341-4638-90F7-2552FB6B3642}
2012-06-13 20:50:57 -------- d-----w- C:\Users\Yuki\AppData\Local\{2028A523-C4DF-4EF0-8547-FCD5E9D8A232}
2012-06-12 21:25:29 -------- d-----w- C:\Users\Yuki\AppData\Local\Macromedia
2012-06-12 20:49:16 -------- d-----w- C:\Users\Yuki\AppData\Local\{DDD6AFE1-43C2-40E3-AC51-AC4EE0910DED}
2012-06-12 20:49:05 -------- d-----w- C:\Users\Yuki\AppData\Local\{2B412EAB-8063-41E0-A815-38156A976600}
2012-06-11 20:49:15 -------- d-----w- C:\Users\Yuki\AppData\Local\{0A26B2C3-B62D-41C5-87A5-A220E2BF8FEB}
2012-06-11 20:49:04 -------- d-----w- C:\Users\Yuki\AppData\Local\{551CB1B5-935F-45C7-8531-5D183BEF169F}
2012-06-11 01:21:54 -------- d-----w- C:\Users\Yuki\AppData\Local\{265D365B-E8F0-448A-8F1F-23779F506BAB}
2012-06-11 01:21:44 -------- d-----w- C:\Users\Yuki\AppData\Local\{A742D336-4FC5-4CBB-B6E1-C4D428F62A93}
2012-06-10 13:21:32 -------- d-----w- C:\Users\Yuki\AppData\Local\{3DD09398-CB1F-436C-AFCA-2B5A7287238F}
2012-06-10 13:21:21 -------- d-----w- C:\Users\Yuki\AppData\Local\{2EAF8D41-BFB1-4605-821A-667EE9240494}
2012-06-09 21:40:24 -------- d-----w- C:\Users\Yuki\AppData\Local\{0832E854-0D22-4441-8C27-8144BBF8C8F9}
2012-06-09 21:40:14 -------- d-----w- C:\Users\Yuki\AppData\Local\{ACEA45EB-D948-420E-9A8E-D23668DD2AEF}
2012-06-09 09:39:50 -------- d-----w- C:\Users\Yuki\AppData\Local\{D1CF8716-443D-4114-A0AF-E2EBC3A8D634}
2012-06-09 09:39:40 -------- d-----w- C:\Users\Yuki\AppData\Local\{B5FCD0D0-5006-48D1-B35C-B0905558063C}
2012-06-08 21:08:38 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 21:08:38 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 21:07:49 -------- d-----w- C:\Users\Yuki\AppData\Local\{B0D1DACD-6E50-4DC5-8612-AB751A808498}
2012-06-08 21:07:38 -------- d-----w- C:\Users\Yuki\AppData\Local\{F25CB4F7-368C-46DF-877E-F8FAB1835C00}
2012-06-07 21:00:20 -------- d-----w- C:\Users\Yuki\AppData\Local\{A8B64B00-374E-488D-92FF-E81E2F991663}
2012-06-07 21:00:09 -------- d-----w- C:\Users\Yuki\AppData\Local\{8D5C05B2-C7AA-4686-AF40-3B57B7783880}
.
==================== Find3M ====================
.
2012-07-06 20:49:00 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-05 22:15:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 22:15:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 19:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-24 19:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-24 19:46:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 17:03:30.07 ===============


Thanks in advance.
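The DDS log above can be triaged mechanically before a specialist reads it. As an added example (not part of the original thread, and not anything DDS itself reports), here is a small Python parser for the two line shapes quoted above, the S2/S3 service entries and the "Created Last 30" file entries; the flag rules (a `[?]` info block, a relative image path, new files under C:\Windows, recurring {GUID} folders) are this example's own review heuristics, and the sample lines are excerpted from the log as posted.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes as they appear in the DDS log above:
#   S3 name;display name;C:\path\to\binary [2012-4-1 257224]      (service)
#   2012-07-06 01:25:03 24904 ----a-w- C:\Windows\...\mbam.sys     (Created Last 30)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s+\[(?P<info>[^\]]*)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>-{8}|\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def service_image_path(rest: str) -> str:
    """Extract the binary path from the part of a service line before the [info] block.

    DDS prints 'registry value --> resolved path' when it resolved the path
    itself; the first half is what the registry holds. Trailing switches such
    as ' -service' are dropped.
    """
    registry_value = rest.split(" --> ", 1)[0]
    return re.sub(r"\s+-\w+$", "", registry_value)


def triage_service(line: str) -> Optional[Finding]:
    """Flag service lines a reviewer would check by hand; None if nothing stands out."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = service_image_path(m.group("rest"))
    reasons = []
    if m.group("info") == "?":
        # The bracket normally carries the file date and size; '?' means DDS
        # recorded neither, so the binary cannot be checked from the log alone.
        reasons.append("no file date/size recorded for the service binary")
    if not re.match(r"^[A-Za-z]:\\", image):
        reasons.append("image path is relative, not an absolute drive path")
    return Finding(line, reasons) if reasons else None


def triage_created(lines: List[str]) -> Dict[str, List[str]]:
    """Summarise 'Created Last 30' entries.

    Returns the new *files* created under C:\\Windows (new drivers and system
    DLLs are what a reviewer compares against known updates) and the timestamps
    of the {GUID} directories that recur under AppData\\Local, so their cadence
    can be eyeballed.
    """
    windows_files, guid_dirs = [], []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, is_dir = m.group("path"), m.group("attrs").startswith("d")
        if not is_dir and path.lower().startswith("c:\\windows\\"):
            windows_files.append(path)
        elif is_dir and GUID_DIR_RE.search(path):
            guid_dirs.append(m.group("ts"))
    return {"windows_files": windows_files, "guid_dirs": guid_dirs}


# Sample input: lines excerpted verbatim from the DDS log posted above.
SAMPLE_SERVICES = [
    r"S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]",
    r"S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]",
    r"S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]",
]
SAMPLE_CREATED = [
    r"2012-07-06 20:50:13 -------- d-----w- C:\Users\Yuki\AppData\Local\{D45E8599-E474-4594-B5A5-1AE641AA0DCA}",
    r"2012-07-06 20:50:03 -------- d-----w- C:\Users\Yuki\AppData\Local\{3F04CE78-DD69-4BDB-8819-49094F9B5B99}",
    r"2012-07-06 01:25:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys",
    r"2012-07-06 01:25:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware",
    r"2012-06-22 21:12:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll",
]

if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        finding = triage_service(svc)
        if finding:
            print(finding.line.split(";", 1)[0], "->", "; ".join(finding.reasons))
    print(triage_created(SAMPLE_CREATED))
```

A flagged service is a starting point for a manual check (is the file present, signed, and expected on this machine?), not a verdict.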
flavallee (Frank), Trusted Advisor with 58,433 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
06-Jul-2012, 06:43 PM #2
A gold/blue shield removal specialist will need to view your logs and assist you with any possible infections still present.

In the meantime, I'll give you my 2 cents worth.

Get rid of AVG 2012 and AVG Security Toolbar, then install Microsoft Security Essentials 4.0.1526.0.
It's more user-friendly and lighter on resources and well-recommended here.

Get rid of Spybot - Search & Destroy, then install SUPERAntiSpyware 5.5.0.1106.
It works well with Malwarebytes Anti-Malware 1.61.0.1400 (which you already have) in combating malware, spyware, rogues, hijackers, etc.

Java(TM) 6 Update 31 needs to be updated to Java Runtime Environment 1.6.0.33(6 Update 33).
6 Update 33 will overwrite and replace 6 Update 31, so there's no need to uninstall it first.

Skype 5.9 needs to be updated to Skype 5.10.
I personally don't use it, so I don't know what the update procedure is.

------------------------------------------------
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
07-Jul-2012, 02:11 PM #3
Thanks so far.
I'm pretty sure that there is still something off.
Every time I reboot, it changes my folder view settings and my desktop auto-arranges symbols.
Is it "safe" to uninstall AVG and change to Microsoft Essentials while there is still a possible infection?
flavallee (Frank), Trusted Advisor with 58,433 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
07-Jul-2012, 03:03 PM #4
Hold off switching antivirus programs until after a gold/blue shield removal specialist assists you.

If you haven't gotten a reply from one in the next 24 hours, click the orange "Report" link and then request to have one assist you.

-----------------------------------------------------------
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
08-Jul-2012, 03:32 PM #5
Well, I figured out why my folders were acting up and fixed that.
But I'm still unsure if all infections have been removed. Malwarebytes and SUPERAntiSpyware don't find any infections except for the occasional tracking cookie.
I don't really want to log into my PayPal or online banking site before I'm sure that I have no infections remaining on my system.
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
09-Jul-2012, 01:41 AM #6
Just ran ESET Online Scanner, which found 3 more infections that none of the other scanners I ran so far were able to find, and removed them:

win64/sirefef.AE.trojan
win64/Patched.B.Gen trojan
a variant of win32/sirefef.FD trojan
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
09-Jul-2012, 11:10 PM #7
I would appreciate it if anyone could help me make sure that I'm virus-free now.
Should I update my HijackThis log, considering I have found and removed some infections since I first posted it?
flavallee (Frank), Trusted Advisor with 58,433 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
10-Jul-2012, 09:57 AM #8
Have you clicked the orange Report link and then requested to have a gold shield removal specialist help you?

-----------------------------------------------------------
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
10-Jul-2012, 05:05 PM #9
No, I have not done that yet, since it states that the report function should not be used to request assistance, but I guess I'll go ahead and do that right now.
kevinf80 (Kevin), Malware Removal Specialist with 9,570 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
10-Jul-2012, 05:25 PM #10
Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select correct keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Ktarl, Member with 15 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
10-Jul-2012, 08:16 PM #11
Ran the scan and here is the txt file.

Scan result of Farbar Recovery Scan Tool Version: 10-07-01
Ran by SYSTEM at 10-07-01 19:10:
Running from F:\
Windows 7 Home Premium Service Pack 1 (X6) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl6.exe -s [1178071 011-0-] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [11060 011-07-8] (Logitech Inc.)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 60 Accessories\XboxStat.exe" silentrun [8518 009-09-0] (Microsoft Corporation)
HKLM-x\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG01\avgtray.exe" [587008 01-0-05] (AVG Technologies CZ, s.r.o.)
HKLM-x\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [110755 01-07-09] ()
HKLM-x\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [871 01-01-0] (Adobe Systems Incorporated)
HKLM-x\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [590 01-0-0] (Apple Inc.)
HKLM-x\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [778 008-07-] (AMD)
HKLM-x\...\Run: [ROC_roc_dec1] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec1.exe" /PROMPT /CMPID=roc_dec1 [98096 01-01-18] ()
HKLM-x\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [8956 011-0-07] (Elaborate Bytes AG)
HKLM-x\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [1888 01-0-18] (Apple Inc.)
HKU\Yuki\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [6080 009-0-05] (Safer-Networking Ltd.)
HKU\Yuki\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [18 011-10-1] (Valve Corporation)
HKU\Yuki\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [8018 01-0-08] (Microsoft Corporation)
HKU\Yuki\...\Run: [NCsoft] [x]
HKU\Yuki\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17176 01-06-05] (Skype Technologies S.A.)
HKU\Yuki\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [78707 01-06-6] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 19.168.0.1

==================== Services (Whitelisted) ======

!SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE6.EXE" [1067 011-08-11] (SUPERAntiSpyware.com)
AppleChargerSrv; C:\Windows\System\AppleChargerSrv.exe [17 010-0-06] ()
AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG01\AVGIDSAgent.exe" [5160568 01-07-0] (AVG Technologies CZ, s.r.o.)
avgwd; "C:\Program Files (x86)\AVG\AVG01\avgwdsvc.exe" [1988 01-0-1] (AVG Technologies CZ, s.r.o.)
ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [6816 009-08-] ()
PnkBstrA; C:\Windows\SysWow6\PnkBstrA.exe [76888 01-0-17] ()
SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [11568 009-01-6] (Safer Networking Ltd.)
vToolbarUpdater11..0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11..0\ToolbarUpdater.exe [95008 01-07-09] ()

========================== Drivers (Whitelisted) =============

19ohci; C:\Windows\System\Drivers\19ohci.sys [9888 010-11-0] (Microsoft Corporation)
0 ACPI; C:\Windows\System\Drivers\ACPI.sys [08 010-11-0] (Microsoft Corporation)
AcpiPmi; C:\Windows\System\Drivers\AcpiPmi.sys [1800 010-11-0] (Microsoft Corporation)
adp9xx; C:\Windows\System\Drivers\adp9xx.sys [91088 009-07-1] (Adaptec, Inc.)
adpahci; C:\Windows\System\Drivers\adpahci.sys [956 009-07-1] (Adaptec, Inc.)
adpu0; C:\Windows\System\Drivers\adpu0.sys [1886 009-07-1] (Adaptec, Inc.)
1 AFD; C:\Windows\System\Drivers\AFD.sys [98688 011-1-7] (Microsoft Corporation)
agp0; C:\Windows\System\Drivers\agp0.sys [61008 009-07-1] (Microsoft Corporation)
amdide; C:\Windows\System\Drivers\amdide.sys [150 009-07-1] (Microsoft Corporation)
AmdK8; C:\Windows\System\Drivers\AmdK8.sys [651 009-07-1] (Microsoft Corporation)
AmdPPM; C:\Windows\System\Drivers\AmdPPM.sys [6098 009-07-1] (Microsoft Corporation)
amdsata; C:\Windows\System\Drivers\amdsata.sys [10790 011-0-10] (Advanced Micro Devices)
0 amdxata; C:\Windows\System\Drivers\amdxata.sys [7008 011-0-10] (Advanced Micro Devices)
AppID; C:\Windows\System\Drivers\AppID.sys [610 010-11-0] (Microsoft Corporation)
1 AppleCharger; C:\Windows\System\Drivers\AppleCharger.sys [110 011-01-10] ()
arc; C:\Windows\System\Drivers\arc.sys [876 009-07-1] (Adaptec, Inc.)
arcsas; C:\Windows\System\Drivers\arcsas.sys [97856 009-07-1] (Adaptec, Inc.)
AsyncMac; C:\Windows\System\Drivers\AsyncMac.sys [00 009-07-1] (Microsoft Corporation)
0 atapi; C:\Windows\System\Drivers\atapi.sys [18 009-07-1] (Microsoft Corporation)
AVGIDSDriver; C:\Windows\System\DRIVERS\avgidsdrivera.sys [196 011-1-] (AVG Technologies CZ, s.r.o. )
AVGIDSFilter; C:\Windows\System\DRIVERS\avgidsfiltera.sys [9776 011-1-] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System\Drivers\AVGIDSHA.sys [880 01-0-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx6; C:\Windows\System\Drivers\Avgldx6.sys [8987 01-0-] (AVG Technologies CZ, s.r.o.)
1 Avgmfx6; C:\Windows\System\Drivers\Avgmfx6.sys [7696 011-1-] (AVG Technologies CZ, s.r.o.)
0 Avgrkx6; C:\Windows\System\Drivers\Avgrkx6.sys [69 01-01-1] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System\Drivers\Avgtdia.sys [8808 01-0-19] (AVG Technologies CZ, s.r.o.)
b06bdrv; C:\Windows\system\drivers\bxvbda.sys [6880 009-06-10] (Broadcom Corporation)
b57nd60a; C:\Windows\System\Drivers\b57nd60a.sys [7088 009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System\Drivers\Beep.sys [6656 009-07-1] (Microsoft Corporation)
1 blbdrive; C:\Windows\System\Drivers\blbdrive.sys [5056 009-07-1] (Microsoft Corporation)
bowser; C:\Windows\System\Drivers\bowser.sys [906 011-0-] (Microsoft Corporation)
BrFiltLo; C:\Windows\System\Drivers\BrFiltLo.sys [18 009-06-10] (Brother Industries, Ltd.)
BrFiltUp; C:\Windows\System\Drivers\BrFiltUp.sys [870 009-06-10] (Brother Industries, Ltd.)
Brserid; C:\Windows\System\Drivers\Brserid.sys [8670 009-07-1] (Brother Industries Ltd.)
BrSerWdm; C:\Windows\System\Drivers\BrSerWdm.sys [710 009-06-10] (Brother Industries Ltd.)
BrUsbMdm; C:\Windows\System\Drivers\BrUsbMdm.sys [1976 009-06-10] (Brother Industries Ltd.)
BrUsbSer; C:\Windows\System\Drivers\BrUsbSer.sys [170 009-06-10] (Brother Industries Ltd.)
BTHMODEM; C:\Windows\System\Drivers\BTHMODEM.sys [719 009-07-1] (Microsoft Corporation)
cdfs; C:\Windows\System\Drivers\cdfs.sys [9160 009-07-1] (Microsoft Corporation)
1 cdrom; C:\Windows\System\Drivers\cdrom.sys [1756 010-11-0] (Microsoft Corporation)
circlass; C:\Windows\System\Drivers\circlass.sys [5568 009-07-1] (Microsoft Corporation)
CmBatt; C:\Windows\System\Drivers\CmBatt.sys [1766 009-07-1] (Microsoft Corporation)
0 CNG; C:\Windows\System\Drivers\CNG.sys [59 011-11-16] (Microsoft Corporation)
Compbatt; C:\Windows\System\Drivers\Compbatt.sys [158 009-07-1] (Microsoft Corporation)
CompositeBus; C:\Windows\System\Drivers\CompositeBus.sys [891 010-11-0] (Microsoft Corporation)
crcdisk; C:\Windows\System\Drivers\crcdisk.sys [1 009-07-1] (Microsoft Corporation)
1 DfsC; C:\Windows\System\Drivers\DfsC.sys [1000 010-11-0] (Microsoft Corporation)
1 discache; C:\Windows\System\Drivers\discache.sys [08 009-07-1] (Microsoft Corporation)
0 Disk; C:\Windows\System\Drivers\Disk.sys [780 009-07-1] (Microsoft Corporation)
drmkaud; C:\Windows\System\Drivers\drmkaud.sys [56 009-07-1] (Microsoft Corporation)
DXGKrnl; C:\Windows\System\Drivers\DXGKrnl.sys [9891 010-11-0] (Microsoft Corporation)
ebdrv; C:\Windows\system\drivers\evbda.sys [86016 009-06-10] (Broadcom Corporation)
ErrDev; C:\Windows\System\Drivers\ErrDev.sys [978 009-07-1] (Microsoft Corporation)
exfat; C:\Windows\System\Drivers\exfat.sys [19507 009-07-1] (Microsoft Corporation)
fastfat; C:\Windows\System\Drivers\fastfat.sys [0800 009-07-1] (Microsoft Corporation)
fdc; C:\Windows\System\Drivers\fdc.sys [9696 009-07-1] (Microsoft Corporation)
0 FileInfo; C:\Windows\System\Drivers\FileInfo.sys [70 009-07-1] (Microsoft Corporation)
Filetrace; C:\Windows\System\Drivers\Filetrace.sys [0 009-07-1] (Microsoft Corporation)
flpydisk; C:\Windows\System\Drivers\flpydisk.sys [576 009-07-1] (Microsoft Corporation)
0 FltMgr; C:\Windows\System\Drivers\FltMgr.sys [8966 010-11-0] (Microsoft Corporation)
FsDepends; C:\Windows\System\Drivers\FsDepends.sys [5576 009-07-1] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System\Drivers\Fs_Rec.sys [08 01-0-9] (Microsoft Corporation)
0 fvevol; C:\Windows\System\Drivers\fvevol.sys [8 010-11-0] (Microsoft Corporation)
gagp0kx; C:\Windows\System\Drivers\gagp0kx.sys [65088 009-07-1] (Microsoft Corporation)
gdrv; \??\C:\Windows\gdrv.sys [560 01-07-10] (Windows (R) Server 00 DDK provider)
GVTDrv6; \??\C:\Windows\GVTDrv6.sys [058 011-10-1] ()
HdAudAddService; C:\Windows\System\drivers\HdAudio.sys [5008 010-11-0] (Microsoft Corporation)
HDAudBus; C:\Windows\System\Drivers\HDAudBus.sys [168 010-11-0] (Microsoft Corporation)
HidBatt; C:\Windows\System\Drivers\HidBatt.sys [66 009-07-1] (Microsoft Corporation)
HidBth; C:\Windows\System\Drivers\HidBth.sys [10086 009-07-1] (Microsoft Corporation)
HidIr; C:\Windows\System\Drivers\HidIr.sys [659 009-07-1] (Microsoft Corporation)
HidUsb; C:\Windows\System\Drivers\HidUsb.sys [008 010-11-0] (Microsoft Corporation)
HpSAMD; C:\Windows\System\Drivers\HpSAMD.sys [7870 010-11-0] (Hewlett-Packard Company)
HTTP; C:\Windows\System\Drivers\HTTP.sys [7566 010-11-0] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System\Drivers\hwpolicy.sys [170 010-11-0] (Microsoft Corporation)
i80prt; C:\Windows\System\Drivers\i80prt.sys [1057 009-07-1] (Microsoft Corporation)
iaStorV; C:\Windows\System\Drivers\iaStorV.sys [1096 011-0-10] (Intel Corporation)
iirsp; C:\Windows\System\Drivers\iirsp.sys [11 009-07-1] (Intel Corp./ICP vortex GmbH)
IntcAzAudAddService; C:\Windows\System\drivers\RTKVHD6.sys [7551 011-0-] (Realtek Semiconductor Corp.)
intelide; C:\Windows\System\Drivers\intelide.sys [16960 009-07-1] (Microsoft Corporation)
intelppm; C:\Windows\System\Drivers\intelppm.sys [66 009-07-1] (Microsoft Corporation)
IpFilterDriver; C:\Windows\System\DRIVERS\ipfltdrv.sys [89 010-11-0] (Microsoft Corporation)
IPMIDRV; C:\Windows\System\Drivers\IPMIDRV.sys [7888 010-11-0] (Microsoft Corporation)
IPNAT; C:\Windows\System\Drivers\IPNAT.sys [116 009-07-1] (Microsoft Corporation)
IRENUM; C:\Windows\System\Drivers\IRENUM.sys [1790 009-07-1] (Microsoft Corporation)
isapnp; C:\Windows\System\Drivers\isapnp.sys [05 009-07-1] (Microsoft Corporation)
iScsiPrt; C:\Windows\system\drivers\msiscsi.sys [779 010-11-0] (Microsoft Corporation)
kbdclass; C:\Windows\System\Drivers\kbdclass.sys [50768 009-07-1] (Microsoft Corporation)
kbdhid; C:\Windows\System\Drivers\kbdhid.sys [80 010-11-0] (Microsoft Corporation)
0 KSecDD; C:\Windows\System\Drivers\KSecDD.sys [95600 011-11-16] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System\Drivers\KSecPkg.sys [15 011-11-16] (Microsoft Corporation)
ksthunk; C:\Windows\System\Drivers\ksthunk.sys [099 009-07-1] (Microsoft Corporation)
LGBusEnum; C:\Windows\System\Drivers\LGBusEnum.sys [08 011-10-16] (Logitech Inc.)
LGVirHid; C:\Windows\System\Drivers\LGVirHid.sys [16008 011-10-16] (Logitech Inc.)
lltdio; C:\Windows\System\Drivers\lltdio.sys [6098 009-07-1] (Microsoft Corporation)
LSI_FC; C:\Windows\System\Drivers\LSI_FC.sys [1175 009-07-1] (LSI Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============



============ Months Modified Files ========================

01-0-5 1: - 01-06-1 15:57 - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-0- 1:7 - 01-06-1 15:57 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-0- 1:7 - 01-06-1 15:57 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-0- 1:7 - 01-06-1 15:57 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-0- 0:6 - 01-06-1 15:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-0- 0:6 - 01-06-1 15:57 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-0- 0:6 - 01-06-1 15:57 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-0-19 1: - 01-06-1 15:57 - 19716 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-0-19 1: - 01-06-1 15:57 - 0905980 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-0-19 1: - 01-06-1 15:57 - 0558 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-0-19 1: - 01-06-1 15:57 - 019016 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-0-19 1: - 01-06-1 15:57 - 00757 ____A (Microsoft Corporation) C:\Windows\System\msfeeds.dll
01-0-19 1: - 01-06-1 15:57 - 007808 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-0-19 1: - 01-06-1 15:57 - 0011 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-0-19 1: - 01-06-1 15:57 - 0009779 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-0-19 1:00 - 01-06-1 15:57 - 01160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-0-19 1:00 - 01-06-1 15:57 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-0-19 0:57 - 01-06-1 15:57 - 0607776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-0-19 0:57 - 01-06-1 15:57 - 006771 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msfeeds.dll
01-0-19 0:57 - 01-06-1 15:57 - 0006758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-0-19 0:56 - 01-06-1 15:57 - 1100800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-0-19 0:56 - 01-06-1 15:57 - 007600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-0-19 0:56 - 01-06-1 15:57 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-0-19 19:5 - 01-06-1 15:57 - 016891 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-0-19 19:16 - 01-06-1 15:57 - 016891 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-0-19 01:50 - 01-0-19 01:50 - 000880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System\Drivers\avgidsha.sys
01-0-18 17:56 - 01-0-18 17:56 - 000908 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTimeVR.qtx
01-0-18 17:56 - 01-0-18 17:56 - 000696 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTime.qts
01-0-16 1:1 - 01-06-1 15:57 - 00918016 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-0-16 0: - 01-06-1 15:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll


ZeroAccess:
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\00000004.@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\1afb2d56
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\201d3dde
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\00000004.@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\000000cb.@
C:\Windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\80000064.@

ZeroAccess:
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L
C:\Users\Yuki\AppData\Local\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U

========================= Known DLLs (Whitelisted) ============

[009-07-1 16:00] - [009-07-1 17:0] - 06077 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
[009-07-1 15:] - [009-07-1 17:15] - 050 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
[010-11-0 19:] - [010-11-0 19:] - 08691 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
[010-11-0 19:] - [010-11-0 19:] - 111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
[009-07-1 16:1] - [009-07-1 17:0] - 0877056 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 06051 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 059 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 085888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 00968 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
[010-11-0 19:] - [010-11-0 19:] - 01196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
[01-06-1 15:57] - [01-0-19 1:] - 558 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
[01-06-1 15:57] - [01-0-19 0:56] - 07600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
[01-0-11 0:57] - [01-0-9 :] - 008108 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
[01-0-11 0:57] - [01-0-9 1:] - 0159 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
[009-07-1 15:8] - [009-07-1 17:1] - 0167 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
[010-11-0 19:] - [010-11-0 19:] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
[011-10-1 0:00] - [011-07-15 1:7] - 11675 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
[011-10-1 0:00] - [011-07-15 0:] - 11111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
[009-07-1 15:8] - [009-07-1 17:1] - 00198 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
[009-07-1 15:5] - [009-07-1 17:11] - 005600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
[009-07-1 15:0] - [009-07-1 17:1] - 1067008 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
[009-07-1 15:8] - [009-07-1 17:15] - 08898 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
[01-0-15 0:5] - [011-1-16 00:6] - 06880 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
[01-0-15 0:5] - [011-1-15 :5] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000560 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
[009-07-1 15:15] - [009-07-1 17:09] - 00008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
[009-07-1 15:1] - [009-07-1 17:1] - 0018 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
[009-07-1 15:1] - [009-07-1 17:16] - 000870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
[011-10-1 0:00] - [011-08-6 1:7] - 0861696 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
[011-10-1 0:00] - [011-08-6 0:6] - 057190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000916 ____A (Microsoft Corporation) C:\Windows\System\PSAPI.dll
[009-07-1 15:15] - [009-07-1 17:16] - 00061 ____A (Microsoft Corporation) C:\Windows\SysWOW6\PSAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 11958 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
[010-11-0 19:] - [010-11-0 19:] - 06600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
[009-07-1 15:0] - [009-07-1 17:1] - 01166 ____A (Microsoft Corporation) C:\Windows\System\sechost.dll
[009-07-1 15:11] - [009-07-1 17:16] - 009160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\sechost.dll
[010-11-0 19:] - [010-11-0 19:] - 19005 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
[010-11-0 19:] - [010-11-0 19:] - 166758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
[01-0-15 0:5] - [01-01-0 0:] - 11767 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
[01-0-15 0:5] - [01-01-0 00:59] - 18770 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
[010-11-0 19:] - [010-11-0 19:] - 0851 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 05008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
[01-06-1 15:57] - [01-0-19 1:] - 19016 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
[01-06-1 15:57] - [01-0-19 1:00] - 1160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
[010-11-0 19:] - [010-11-0 19:] - 100818 ____A (Microsoft Corporation) C:\Windows\System\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080056 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
[010-11-0 19:] - [010-11-0 19:] - 066176 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
[01-06-1 15:57] - [01-05-1 0:01] - 118886 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
[01-06-1 15:57] - [01-05-1 19:0] - 098150 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
[010-11-0 19:] - [010-11-0 19:] - 018 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 0698 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 09798 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
[010-11-0 19:] - [010-11-0 19:] - 00688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
[009-07-1 15:7] - [009-07-1 17:0] - 0500 ____A (Microsoft Corporation) C:\Windows\System\DifxApi.dll
[009-07-1 15:16] - [009-07-1 17:15] - 01590 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DifxApi.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8189.37 MB
Available physical RAM: 7381.32 MB
Total Pagefile: 8187.57 MB
Available Pagefile: 7369.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:571.85 GB) NTFS
3 Drive f: (SCII CE USB) (Removable) (Total:1.96 GB) (Free:1.96 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 2004 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 2004 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-08 09:13

======================= End Of Log ==========================
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,570 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-Jul-2012, 03:03 AM #12
As you stated, services.exe is now showing clean; there are, however, still remnants from ZeroAccess. Run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
Ktarl (thread starter)
Member with 15 posts.
Join Date: Jul 2012
Experience: Intermediate
11-Jul-2012, 05:26 PM #13
Thanks so far, here is the ComboFix log.
I disabled AVG but it still said that AVG was running when ComboFix ran.

ComboFix 12-07-11.03 - Yuki 07/11/2012 16:06:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.6228 [GMT -5:00]
Running from: c:\users\Yuki\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Yuki\AppData\Local\assembly\tmp
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\00000004.@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\1afb2d56
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\L\201d3dde
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\00000004.@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\000000cb.@
c:\windows\Installer\{e9e0d4ca-7940-cc3b-e824-d93b785cc606}\U\80000064.@
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 21:11 . 2012-07-11 21:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-11 21:11 . 2012-07-11 21:11 -------- d-----w- c:\users\UpdatusUser.Yuki-PC\AppData\Local\temp
2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:10 . 2012-07-11 03:10 -------- d-----w- C:\FRST
2012-07-09 03:28 . 2012-07-09 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 03:23 . 2012-07-09 03:24 -------- d-----w- c:\program files (x86)\Panda Security
2012-07-08 02:07 . 2012-07-08 02:07 -------- d-----w- c:\users\Yuki\dwhelper
2012-07-06 23:04 . 2012-07-06 23:04 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 23:04 . 2012-07-06 23:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 23:04 . 2012-07-06 23:04 -------- d-----w- c:\program files\Java
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
2012-07-06 01:48 . 2012-07-06 01:51 -------- d-----w- c:\program files (x86)\Google
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\users\Yuki\AppData\Roaming\Malwarebytes
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 01:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- C:\sh4ldr
2012-07-06 00:24 . 2012-07-06 00:24 -------- d-----w- c:\program files\Enigma Software Group
2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-04 05:16 . 2012-07-04 05:16 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-07-04 02:41 . 2012-07-04 02:42 -------- d-----w- c:\program files (x86)\NT Locale Emulator Advance
2012-07-02 06:37 . 2012-07-02 06:37 -------- d-----w- c:\users\Yuki\AppData\Local\Apple Computer
2012-06-22 21:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 21:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 21:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 21:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 21:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 21:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 21:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 21:11 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 21:11 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-12 21:25 . 2012-06-12 21:25 -------- d-----w- c:\users\Yuki\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 21:13 . 2011-10-12 22:43 25640 ----a-w- c:\windows\gdrv.sys
2012-07-05 22:15 . 2012-04-01 20:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 22:15 . 2011-10-12 22:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 19:46 . 2011-12-24 23:59 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-24 19:46 . 2011-10-15 21:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-24 19:46 . 2011-10-15 21:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 01:50 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 257224]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-13 30528]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-16 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-16 22408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:15]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-NCsoft - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
AddRemove-???????3D - c:\games\stuff\3DCustomMaid\???????3D\Installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Yuki\AppData\Local\Temp\005D06A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\񣌘򠳾􉐖03*D*]
"DisplayName"="???????3D"
"UninstallString"="c:\\Games\\stuff\\3DCustomMaid\\???????3D\\Installer.exe /luninst1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-11 16:18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 21:18
.
Pre-Run: 620,605,652,992 bytes free
Post-Run: 620,296,429,568 bytes free
.
- - End Of File - - 647706DDCF41FC242EA881DEF93AADED
kevinf80 (Kevin), Malware Removal Specialist with 9,570 posts, authorized to help remove malware
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-Jul-2012, 05:40 PM #14
OK, continue as follows:

Step 1

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Killall::
File::
Folder::
C:\FRST
c:\program files (x86)\BitTorrentBar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\񣌘򠳾􉐖03*D*]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Ensure remove found threats is checked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those three logs, also give update on any issues or concerns...

Kevin
Ktarl, Member with 15 posts, THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
11-Jul-2012, 07:01 PM #15
Here is the ComboFix log. Running ESET now, gonna post that as soon as it's done.
No concerns so far, however it seems my reboot is faster after running the ComboFix script.
Might just be my imagination though.


ComboFix 12-07-11.03 - Yuki 07/11/2012 16:57:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.6398 [GMT -5:00]
Running from: c:\users\Yuki\Desktop\ComboFix.exe
Command switches used :: c:\users\Yuki\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\FRST
c:\frst\Hives\DEFAULT
c:\frst\Hives\SAM
c:\frst\Hives\SECURITY
c:\frst\Hives\SOFTWARE
c:\frst\Hives\SYSTEM
c:\frst\Logs\FRST_10-07-2012_19-11-49.txt
c:\frst\softdebug
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper1.exe
c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\ldrtbBit0.dll
c:\program files (x86)\BitTorrentBar\ldrtbBitT.dll
c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\tbBit0.dll
c:\program files (x86)\BitTorrentBar\tbBitT.dll
c:\program files (x86)\BitTorrentBar\toolbar.cfg
c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\UpdatusUser.Yuki-PC\AppData\Local\temp
2012-07-11 22:02 . 2012-07-11 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 03:28 . 2012-07-09 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 03:23 . 2012-07-09 03:24 -------- d-----w- c:\program files (x86)\Panda Security
2012-07-08 02:07 . 2012-07-08 02:07 -------- d-----w- c:\users\Yuki\dwhelper
2012-07-06 23:04 . 2012-07-06 23:04 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 23:04 . 2012-07-06 23:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 23:04 . 2012-07-06 23:04 -------- d-----w- c:\program files\Java
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\users\Yuki\AppData\Roaming\SUPERAntiSpyware.com
2012-07-06 01:48 . 2012-07-06 01:51 -------- d-----w- c:\program files (x86)\Google
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-06 01:48 . 2012-07-06 01:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\users\Yuki\AppData\Roaming\Malwarebytes
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 01:25 . 2012-07-06 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 01:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- C:\sh4ldr
2012-07-06 00:24 . 2012-07-06 00:24 -------- d-----w- c:\program files\Enigma Software Group
2012-07-06 00:24 . 2012-07-06 00:58 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-04 05:16 . 2012-07-04 05:16 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-07-04 02:41 . 2012-07-04 02:42 -------- d-----w- c:\program files (x86)\NT Locale Emulator Advance
2012-07-02 06:37 . 2012-07-02 06:37 -------- d-----w- c:\users\Yuki\AppData\Local\Apple Computer
2012-06-22 21:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 21:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 21:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 21:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 21:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 21:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 21:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 21:11 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 21:11 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-12 21:25 . 2012-06-12 21:25 -------- d-----w- c:\users\Yuki\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:03 . 2011-10-12 22:43 25640 ----a-w- c:\windows\gdrv.sys
2012-07-05 22:15 . 2012-04-01 20:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 22:15 . 2011-10-12 22:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 19:46 . 2011-12-24 23:59 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-24 19:46 . 2011-10-15 21:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-24 19:46 . 2011-10-15 21:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_21.15.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-11 21:25 42608 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-11 21:25 36294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-12 10:34 . 2012-07-11 21:25 15066 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2629174495-3191888799-3413499157-1000_UserData.bin
+ 2011-10-13 13:14 . 2012-07-11 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 13:14 . 2012-07-11 21:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 13:14 . 2012-07-11 21:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-13 13:14 . 2012-07-11 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 21:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-11 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-11 21:20 92944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-10-13 01:03 . 2012-07-11 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 01:03 . 2012-07-11 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 01:03 . 2012-07-11 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-13 01:03 . 2012-07-11 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-11 22:03 . 2012-07-11 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-11 21:13 . 2012-07-11 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-11 22:03 . 2012-07-11 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 21:13 . 2012-07-11 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-11 21:30 660068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-11 21:01 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-11 21:30 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-11 21:01 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-11 21:12 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-11 22:02 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-13 02:56 . 2012-07-11 22:02 17896052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2629174495-3191888799-3413499157-1000-8192.dat
- 2011-10-13 02:56 . 2012-07-11 21:12 17896052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2629174495-3191888799-3413499157-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 01:50 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 257224]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-13 30528]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-16 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-16 22408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:15]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 01:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Yuki\AppData\Roaming\Mozilla\Firefox\Profiles\duhj2aky.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1feefd87-4de1-4887-b742-50840238068e%7D&mid=4e1e55bd2b3f47d1951281ac0fb527e7-a7ff43f88bf4026fec828a06754eb9ad6dc53661&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A54%3A16&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BitTorrentBar Toolbar - c:\program files (x86)\BitTorrentBar\uninstall.exe
AddRemove-???????3D - c:\games\stuff\3DCustomMaid\???????3D\Installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Yuki\AppData\Local\Temp\005D06A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\񣌘򠳾􉐖03*D*]
"DisplayName"="???????3D"
"UninstallString"="c:\\Games\\stuff\\3DCustomMaid\\???????3D\\Installer.exe /luninst1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-11 17:06:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 22:06
ComboFix2.txt 2012-07-11 21:18
.
Pre-Run: 620,251,267,072 bytes free
Post-Run: 620,141,768,704 bytes free
.
- - End Of File - - 85C8F1F340141FED3FAAD9F2138D554F
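Reading a ComboFix log like the one above by hand means scanning the R/S service lines and the trailing registry dump for entries that do not belong: a service whose image sits in a user's Temp folder, has a .tmp extension, or no longer exists on disk. The script below is an added example (not part of this thread, not from ComboFix, and not the helper's tooling) that encodes those checks as a small triage over log lines. It assumes that a `[x]` in place of the date and size means ComboFix could not find the file; that interpretation, the regular expressions, and the list of heuristics are this example's own. The sample lines are copied verbatim from the log posted above.

```python
import re

# Service lines in a ComboFix log look like
#   "<start> <name>;<display name>;<image path> [<date> <size>]"
# with "[x]" instead of date and size when the file was not found
# (this example's reading of the marker; an assumption, not from the page).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
# The REGEDIT-style dump ComboFix prints after the orphans section.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<value>.*)"\s*$')

# Lines copied from the ComboFix log posted above (not constructed).
SAMPLE_LOG = [
    r"R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 136176]",
    r"R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]",
    r"R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]",
    r"R3 X6va005;X6va005;c:\users\Yuki\AppData\Local\Temp\005D06A.tmp [x]",
    r"S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]",
    ".",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]",
    r'"ImagePath"="c:\windows\system32\GameMon.des -service"',
    ".",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]",
    r'"ImagePath"="\??\c:\users\Yuki\AppData\Local\Temp\005D06A.tmp"',
]


def assess_path(path, missing=False):
    """Return the reasons an image path deserves a closer look (empty list = none)."""
    p = path.lower()
    reasons = []
    if missing:
        reasons.append("file not found on disk")
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    if re.search(r"\.tmp(\s|$)", p):
        reasons.append("image has a .tmp extension")
    if re.search(r"\\users\\[^\\]+\\appdata\\", p):
        reasons.append("runs from a user profile rather than Program Files or System32")
    return reasons


def parse_service_line(line):
    """Split one R/S service line into its fields; None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    svc = m.groupdict()
    svc["missing"] = svc["info"].strip().lower() == "x"
    return svc


def triage(lines):
    """Walk log lines and return (name, path, reasons) for each suspicious entry."""
    findings = []
    current_key = None
    for line in lines:
        svc = parse_service_line(line)
        if svc is not None:
            reasons = assess_path(svc["path"], svc["missing"])
            if reasons:
                findings.append((svc["name"], svc["path"], reasons))
            continue
        k = KEY_RE.match(line.strip())
        if k:
            current_key = k.group("key")
            continue
        ip = IMAGEPATH_RE.match(line.strip())
        if ip and current_key:
            value = ip.group("value")
            if value.startswith("\\??\\"):  # strip the NT object-manager prefix
                value = value[4:]
            reasons = assess_path(value)
            if reasons:
                findings.append((current_key.rsplit("\\", 1)[-1], value, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample lines the script flags EagleX64 and npggsvc only because their files are absent, and flags X6va005 twice (once from the service line, once from its ImagePath value) for running from a user Temp folder with a .tmp image. Treat the output as a worklist for a reviewer rather than a verdict: legitimate installers do register short-lived drivers from Temp, so each hit still needs the file's origin and signer checked before anything is removed.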