
Audio Ads Playing in Background + Redirecting from Google

Discussion in 'Virus & Other Malware Removal' started by SmartAlx, Aug 23, 2012.

SmartAlx (Thread Starter) - Joined: Aug 23, 2012 - Messages: 37
    A couple of weeks ago I started hearing strange audio and ads coming from my computer. I hear them even when there are no programs running. I'm also getting redirected from Google searches to different ad pages. I've never had any kind of virus like this before. None of my malware scanners have been able to detect anything wrong. I hope you guys can help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:40:48 PM, on 8/23/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Chicony\GameKeys\MODPS2KEY.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Hotkey\Hotkey.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    C:\Users\Owner\Documents\batterydeley\BatteryDeley.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\Downloads\SysInfo.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -update activex (User 'Default user')
    O4 - Startup: BatteryDeley.lnk = Owner\Documents\batterydeley\BatteryDeley.exe
    O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1D97F0-D99D-46ED-BCD0-535078A6D82E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Product - 2011/12/21 19:33:27 (CLKMSVC10_38F51D56) - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\filezillaftp\filezillaserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: lxed_device - Unknown owner - C:\Windows\system32\lxedcoms.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PowerBiosServer - Unknown owner - c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Tether - Unknown owner - C:\Program Files (x86)\Tether\TBService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17503 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 16:41:59 on 2012-08-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12267.7500 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWoW64\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    c:\xampp\filezillaftp\filezillaserver.exe
    C:\Windows\system32\lxedcoms.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Tether\TBService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Protector Suite\upeksvr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Chicony\GameKeys\MODPS2KEY.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Hotkey\Hotkey.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Owner\Documents\batterydeley\BatteryDeley.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\Downloads\SysInfo.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.igoogle.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    mWinlogon: Userinit=userinit.exe,
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
    uRun: [AdobeBridge]
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -update activex
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BATTER~1.LNK - C:\Users\Owner\Documents\batterydeley\BatteryDeley.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{17281F3E-9772-4D5F-9E88-03642A12FEB2} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1D1D97F0-D99D-46ED-BCD0-535078A6D82E} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{4B7BA040-DE96-44AA-853A-84BDA22EEA93} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{4BE78C59-7E3F-4E32-8511-2689967F6E8F} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\14C6568737D24554E44584D2960586F6E65602D4977596 : DhcpNameServer = 66.1.76.132 66.1.76.133 8.8.8.8
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\24C61636B67516C6E6574734166656 : DhcpNameServer = 68.94.156.1 68.94.157.1
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\34C6561627023507F64702631303 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\4456E6E69737F575962756C6563737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\45166647023547275656470234F666665656 : DhcpNameServer = 68.87.85.98 68.87.69.146
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\8497164747 : DhcpNameServer = 10.61.32.1 4.2.2.1
    TCP: Interfaces\{53C7BA2F-B00D-4E52-808F-0BBCF03A5338}\F44747F62616E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CFBBCC8E-0CB0-4415-8AC3-C8E4CAE14D67} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FB2C0E8C-642D-4BF9-BAFF-A3E4B7323371} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
    BHO-X64: CutePDF Form Filler - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-21 13336]
    R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-15 33792]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-5 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-15 381248]
    R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2012-4-24 52664]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-21 2656280]
    R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/21 19:33:27;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-1-12 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-1-12 8456]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-21 130976]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-23 08:32:39 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669398E4-EB21-499C-9373-41E0B5E83E2D}\offreg.dll
    2012-08-23 07:08:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-08-23 07:08:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-08-22 22:43:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2012-08-22 20:04:37 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-22 20:04:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-22 20:04:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 19:10:06 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-21 14:19:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\HandBrake
    2012-08-21 14:19:16 -------- d-----w- C:\Users\Owner\AppData\Local\HandBrake
    2012-08-21 14:19:08 -------- d-----w- C:\Program Files (x86)\Handbrake
    2012-08-16 23:38:54 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-08-16 23:10:23 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-08-15 20:35:42 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 20:35:42 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 20:34:25 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 20:34:25 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 20:34:24 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 20:34:24 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 20:33:47 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 20:33:47 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 20:33:47 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 20:32:14 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 20:32:13 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-08 20:53:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-06 05:18:39 -------- d-----w- C:\Users\Owner\.explorer.local
    2012-08-06 05:18:38 -------- d-----w- C:\Users\Owner\.explorer.cache
    2012-08-01 02:54:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    .
    ==================== Find3M ====================
    .
    2012-08-08 20:53:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 17:55:43 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
    2012-07-11 04:43:53 328704 ----a-w- C:\Windows\System32\services.exe
    2012-07-11 04:39:56 328704 ----a-w- C:\Windows\System32\services.exe.D6CBD39514E8CBF0
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-30 04:48:56 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-05-30 04:48:56 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2006-05-03 17:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 18:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 20:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 16:42:56.03 ===============
     


  2. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
  3. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

    **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may itself have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway, depending on the extent of the infection.

    If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
    ----------

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
    ----------
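As an added example (not code from this thread, from DDS, or from ComboFix), here is a small Python triage script that scans DDS-style log lines for the kinds of entries an analyst weighs before reaching a diagnosis like the one above: UAC switched off, a hidden `%APPDATA%` folder inside System32, a renamed copy of `services.exe` next to the real one, Hosts overrides, and a Sigcheck mismatch between a system DLL and its same-version WinSxS reference copy. The sample lines are constructed to mirror the poster's log; the rule names, the `triage` function and the sample WinSxS path are this example's own, and the patterns are triage heuristics, not a definitive ZeroAccess signature.

```python
"""Heuristic triage of DDS / HijackThis-style log lines.

Added example: not code from this thread, from DDS or from ComboFix.
The sample lines are constructed to mirror entries in the poster's log;
rule names and the `triage` function are this example's own, and the
patterns are triage heuristics rather than a definitive ZeroAccess signature.
"""
import re

# Constructed sample, modelled on lines from the DDS log posted in this thread
# (the winsxs directory name is a shortened, made-up stand-in).
SAMPLE_LOG = r"""
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
Hosts: 127.0.0.1 www.spywareinfo.com
2012-08-16 23:10:23 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-11 04:43:53 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-11 04:39:56 328704 ----a-w- C:\Windows\System32\services.exe.D6CBD39514E8CBF0
2012-08-15 20:32:14 3148800 ----a-w- C:\Windows\System32\win32k.sys
[-] 2010-11-21 . 6F741C830A9333B3877B43B72AC7C70E . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_user32_sample\user32.dll
"""

# Single-line heuristics: (rule name, pattern). Each corresponds to an entry an
# analyst would pull out for a closer look, not to proof of infection.
LINE_RULES = [
    # UAC disabled: anything running as the user elevates silently.
    ("uac-disabled", re.compile(r"\bEnableLUA\s*=\s*0\b")),
    # Elevation prompts no longer shown on the secure desktop.
    ("secure-desktop-off", re.compile(r"\bPromptOnSecureDesktop\s*=\s*0\b")),
    # Any Hosts override is worth reviewing; blocking security sites is classic.
    ("hosts-entry", re.compile(r"^Hosts:\s")),
    # A hidden+system directory literally named %APPDATA% under System32.
    ("hidden-dir-in-system32",
     re.compile(r"\bd-sh--w-\s+\S*\\System32\\%APPDATA%$", re.I)),
    # A core system binary with a copy carrying a 16-hex-digit suffix.
    ("renamed-system-binary",
     re.compile(r"\\(services|winlogon|user32)\.(exe|dll)\.[0-9A-F]{16}$", re.I)),
    # Sigcheck marks the on-disk file as failing signature verification.
    ("sigcheck-failed", re.compile(r"^\[-\]\s")),
]

# Sigcheck line layout: [status] date . md5 . size . . [version] .. path
SIGCHECK = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*)$"
)


def scan_lines(log_text):
    """Apply the single-line rules; returns (rule, line) pairs in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in LINE_RULES:
            if pattern.search(line):
                hits.append((name, line))
    return hits


def parse_sigcheck(log_text):
    """Group Sigcheck entries by file basename (case-insensitive)."""
    entries = {}
    for raw in log_text.splitlines():
        m = SIGCHECK.match(raw.strip())
        if m:
            base = m.group("path").rsplit("\\", 1)[-1].lower()
            entries.setdefault(base, []).append(m.groupdict())
    return entries


def compare_sigcheck(log_text):
    """Flag a failed ([-]) file whose MD5 differs from a same-version reference copy."""
    findings = []
    for ents in parse_sigcheck(log_text).values():
        failed = [e for e in ents if e["status"] == "-"]
        reference = [e for e in ents if e["status"] != "-"]
        for bad in failed:
            for ref in reference:
                if bad["ver"] == ref["ver"] and bad["md5"].lower() != ref["md5"].lower():
                    findings.append(("system-file-differs-from-reference", bad["path"]))
    return findings


def triage(log_text):
    """All findings for a log; an empty list means nothing tripped a rule."""
    return scan_lines(log_text) + compare_sigcheck(log_text)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:38s} {detail}")
```

Run against the constructed sample the script reports seven findings; the cross-line Sigcheck comparison is the one that a single grep would miss, because the suspicious fact is that the WOW64 `user32.dll` and its WinSxS copy claim the same version but hash differently. Treat every hit as a prompt to look closer, exactly as the specialist does above, rather than as a verdict.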
     
  4. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    Thanks for your help.


    ComboFix 12-08-28.03 - Owner 08/28/2012 23:58:46.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12267.8127 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\programdata\shscgaa.tmp
    c:\programdata\thscgaa.tmp
    c:\programdata\uwgnfaa.tmp
    c:\windows\iun6002.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-29 05:09 . 2012-08-29 05:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-29 05:09 . 2012-08-29 05:09 -------- d-----w- c:\users\Dance 'N' Date Guest\AppData\Local\temp
    2012-08-29 04:12 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66197CAE-2E7E-4437-A8A6-4242446DEE06}\mpengine.dll
    2012-08-28 03:46 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-23 07:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-08-23 07:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-08-22 22:43 . 2012-08-22 22:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-08-22 20:04 . 2012-08-22 20:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-22 20:04 . 2012-08-22 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 20:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 14:19 . 2012-08-21 14:20 -------- d-----w- c:\users\Owner\AppData\Roaming\HandBrake
    2012-08-21 14:19 . 2012-08-21 14:19 -------- d-----w- c:\users\Owner\AppData\Local\HandBrake
    2012-08-21 14:19 . 2012-08-21 14:19 -------- d-----w- c:\program files (x86)\Handbrake
    2012-08-16 23:38 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-16 23:10 . 2012-08-16 23:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-15 20:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 20:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 20:34 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 20:34 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 20:34 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 20:34 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 20:33 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 20:33 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 20:33 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 20:33 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 20:32 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 20:32 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-08 20:53 . 2012-08-08 20:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-06 05:18 . 2012-08-06 05:27 -------- d-----w- c:\users\Owner\.explorer.local
    2012-08-06 05:18 . 2012-08-06 05:31 -------- d-----w- c:\users\Owner\.explorer.cache
    2012-08-01 02:54 . 2012-08-01 02:54 -------- d-----w- c:\users\Owner\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 23:00 . 2012-01-06 01:04 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-08 20:53 . 2012-01-06 00:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 17:55 . 2012-07-21 17:55 33019 ----a-w- c:\windows\SysWow64\CoreAAC-uninstall.exe
    2012-07-11 04:43 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-07-11 04:39 . 2012-07-11 04:39 328704 ----a-w- c:\windows\system32\services.exe.D6CBD39514E8CBF0
    2012-06-09 05:43 . 2012-07-11 04:27 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 04:27 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 04:27 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 04:27 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 04:27 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 04:27 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 04:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 14:06 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:06 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:06 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:06 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:06 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 04:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 04:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 04:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 04:27 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 04:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 04:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 04:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 04:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 04:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2006-05-03 17:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
    2007-02-21 18:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
    2008-03-16 20:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
    2010-01-07 05:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-21 . 6F741C830A9333B3877B43B72AC7C70E . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
    "Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2012-02-14 5781554]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-30 296056]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe" [2012-08-08 686792]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BatteryDeley.lnk - c:\users\Owner\Documents\batterydeley\BatteryDeley.exe [2012-3-23 798675]
    Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-2 3079680]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/21 19:33;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 50856]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-31 15360]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-06 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 WS_Sfilter;WS_Sfilter;c:\windows\system32\DRIVERS\wsfilter.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-15 1052328]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-16 33792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-15 381248]
    S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-11-25 52664]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-22 174680]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-07-07 140816]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RTCORE64
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-09 c:\windows\Tasks\AutoKMSCustom.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-01-09 07:00]
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 01:24]
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 01:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
    2012-04-01 14:33 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-08 11860072]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.igoogle.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1D1D97F0-D99D-46ED-BCD0-535078A6D82E}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
    AddRemove-iPhone_Backup_Switch_1.0 - c:\windows\iun6002.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
    34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
    "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
    57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{D41289F2-69C6-417B-897E-C653D677CBAF}"=hex:51,66,7a,6c,4c,1d,38,12,9c,8a,01,
    d0,f4,27,15,04,f6,68,85,13,d3,29,8f,bb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:7f,b9,95,ef,ff,80,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,23,f8,fb,eb,87,ae,42,92,f1,5d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,23,f8,fb,eb,87,ae,42,92,f1,5d,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4]
    "0"=hex:4f,00,4f,00,6f,00,5f,00,33,00,2e,00,33,00,2e,00,30,00,5f,00,57,00,69,
    00,6e,00,5f,00,78,00,38,00,d3,bd,61,5a,5c,01,00,80,24,00,61,72,74,5f,63,61,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    c:\program files (x86)\Chicony\GameKeys\MODPS2KEY.EXE
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\xampp\filezillaftp\filezillaserver.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-29 00:16:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-29 05:16
    .
    Pre-Run: 556,089,917,440 bytes free
    Post-Run: 556,938,280,960 bytes free
    .
    - - End Of File - - 3A0E3F5655C07679A4E1AEAC3E495390
     
  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • click OK
    • Press Start Scan
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------
     
  6. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    No threats found
     

    Attached Files:

  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Good job!

    FRST

    Download Farbar Recovery Scan Tool64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
    ----------
     
  8. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    It's not solved yet is it? I still have an infection. The sounds are still going on and Google is still redirecting.

    I didn't repair the computer yet. I'm waiting to hear back from you.
     
  9. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    No, not too much has been fixed yet. What I am doing is getting a good look at your system to see what the extent of the infection is. Malware removal can take some time to complete, so I appreciate your patience. :)

    Have you run the instructions for FRST yet? When you get that completed please post the log that is created.
     
  10. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    Okay. Good to know.

    I haven't run it yet. My roommate forgot to pay the power bill and my laptop lost power. It will be a while. I'll try later on today or tonight.
     
  11. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    No problem. (y)
     
  12. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    Okay, here is the log

    Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03
    Ran by SYSTEM at 30-08-2012 02:18:45
    Running from F:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-27] (Synaptics Incorporated)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel(R) Corporation)
    HKLM\...\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe [385024 2009-03-24] (CHICOY)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe [385024 2009-03-24] (CHICOY)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [312376 2011-11-14] (Power Software Ltd)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-29] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKU\Dance 'N' Date Guest\...\Policies\system: [LogonHoursAction] 2
    HKU\Dance 'N' Date Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Owner\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\Owner\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [717696 2010-01-16] (Microsoft Corporation)
    HKU\Owner\...\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [5781554 2012-02-14] ()
    HKU\Owner\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Owner\...\Policies\system: [LogonHoursAction] 2
    HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1D1D97F0-D99D-46ED-BCD0-535078A6D82E}: [NameServer]208.67.222.222,208.67.220.220
    Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Hotkey.lnk
    ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Spyder3Utility.lnk
    ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
    Startup: C:\Users\Owner\Start Menu\Programs\Startup\BatteryDeley.lnk
    ShortcutTarget: BatteryDeley.lnk -> (No File)
    Startup: C:\Users\Owner\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2010-11-12] (CyberLink)
    2 FileZilla Server; "C:\xampp\filezillaftp\filezillaserver.exe" [630272 2011-06-07] (FileZilla Project)
    2 lxed_device; C:\Windows\system32\lxedcoms.exe -service [1052328 2010-04-14] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-04-16] ()
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PowerBiosServer; "C:\Program Files (x86)\Hotkey\PowerBiosServer.exe" [33792 2011-02-15] ()
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 Tether; C:\Program Files (x86)\Tether\TBService.exe [52664 2011-11-25] ()

    ==================== Drivers (Whitelisted) ===================

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
    3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
    3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
    3 Spyder3; C:\Windows\System32\Drivers\Spyder3.sys [15360 2010-03-30] ()
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    4 WS_Sfilter; C:\Windows\System32\DRIVERS\wsfilter.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-08-30 02:18 - 2012-08-30 02:18 - 00000000 ____D C:\FRST
    2012-08-29 23:00 - 2012-08-29 23:00 - 00000899 ____A C:\Users\All Users\tjvqbaa.tmp
    2012-08-29 05:45 - 2012-08-29 05:46 - 01449745 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2012-08-29 05:23 - 2012-08-24 10:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\TDSSKiller.exe
    2012-08-28 21:16 - 2012-08-28 21:16 - 00030973 ____A C:\ComboFix.txt
    2012-08-28 20:56 - 2012-08-28 21:16 - 00000000 ____D C:\Qoobox
    2012-08-28 20:56 - 2012-08-28 21:15 - 00000000 ____D C:\Windows\erdnt
    2012-08-28 20:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-28 20:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-28 20:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-28 20:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-28 20:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-28 20:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-28 20:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-28 20:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-28 20:55 - 2012-08-28 00:08 - 00002060 ____A C:\Users\Owner\Desktop\RKreport[20] - Copy.txt
    2012-08-28 20:55 - 2012-08-27 21:28 - 00001984 ____A C:\Users\Owner\Desktop\RKreport[16] - Copy.txt
    2012-08-28 20:55 - 2012-08-27 21:25 - 00001559 ____A C:\Users\Owner\Desktop\RKreport[15] - Copy.txt
    2012-08-28 20:50 - 2012-08-28 20:51 - 04739810 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
    2012-08-28 00:08 - 2012-08-28 00:08 - 00002060 ____A C:\Users\Owner\Desktop\RKreport[20].txt
    2012-08-27 23:31 - 2012-08-27 23:31 - 00002041 ____A C:\Users\Owner\Desktop\RKreport[19].txt
    2012-08-27 21:37 - 2012-08-27 21:37 - 00002022 ____A C:\Users\Owner\Desktop\RKreport[18].txt
    2012-08-27 21:31 - 2012-08-27 21:31 - 00001599 ____A C:\Users\Owner\Desktop\RKreport[17].txt
    2012-08-27 21:28 - 2012-08-27 21:28 - 00886784 ____A (Tigzy) C:\Users\Owner\Downloads\WhyIGotInfected.exe
    2012-08-27 21:28 - 2012-08-27 21:28 - 00001984 ____A C:\Users\Owner\Desktop\RKreport[16].txt
    2012-08-27 21:25 - 2012-08-27 21:25 - 00001559 ____A C:\Users\Owner\Desktop\RKreport[15].txt
    2012-08-27 21:24 - 2012-08-27 21:24 - 00001944 ____A C:\Users\Owner\Desktop\RKreport[14].txt
    2012-08-27 20:50 - 2012-08-27 20:50 - 00001906 ____A C:\Users\Owner\Desktop\RKreport[12].txt
    2012-08-27 20:50 - 2012-08-27 20:50 - 00001521 ____A C:\Users\Owner\Desktop\RKreport[13].txt
    2012-08-27 20:32 - 2012-08-27 20:32 - 00001866 ____A C:\Users\Owner\Desktop\RKreport[10].txt
    2012-08-27 20:32 - 2012-08-27 20:32 - 00001483 ____A C:\Users\Owner\Desktop\RKreport[11].txt
    2012-08-27 20:17 - 2012-08-27 20:17 - 00001996 ____A C:\Users\Owner\Desktop\RKreport[9].txt
    2012-08-27 20:13 - 2012-08-27 20:13 - 00001974 ____A C:\Users\Owner\Desktop\RKreport[8].txt
    2012-08-27 20:10 - 2012-08-27 20:10 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller.exe
    2012-08-27 20:10 - 2012-08-27 20:10 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller (2).exe
    2012-08-27 20:09 - 2012-08-27 20:09 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller (1).exe
    2012-08-25 01:21 - 2012-08-25 01:21 - 00001839 ____A C:\Users\Owner\Desktop\RKreport[7].txt
    2012-08-25 01:16 - 2012-08-25 01:16 - 00001956 ____A C:\Users\Owner\Desktop\RKreport[6].txt
    2012-08-25 01:11 - 2012-08-25 01:11 - 00002108 ____A C:\Users\Owner\Desktop\RKreport[5].txt
    2012-08-23 14:10 - 2012-08-23 14:10 - 00001783 ____A C:\Users\Owner\Desktop\RKreport[4].txt
    2012-08-23 14:06 - 2012-08-23 14:06 - 00000720 ____A C:\Users\Owner\Desktop\RKreport[3].txt
    2012-08-23 14:05 - 2012-08-23 14:05 - 00003497 ____A C:\Users\Owner\Desktop\RKreport[2].txt
    2012-08-23 14:01 - 2012-08-23 14:01 - 00003201 ____A C:\Users\Owner\Desktop\RKreport[1].txt
    2012-08-23 13:55 - 2012-08-27 20:14 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2012-08-23 13:44 - 2012-08-23 13:44 - 00028966 ____A C:\Users\Owner\Desktop\DDS.txt
    2012-08-23 13:44 - 2012-08-23 13:44 - 00013741 ____A C:\Users\Owner\Desktop\Attach.txt
    2012-08-23 13:41 - 2012-08-23 13:41 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
    2012-08-23 13:41 - 2012-08-23 13:41 - 00017505 ____A C:\Users\Owner\Desktop\hijackthis.log
    2012-08-23 13:40 - 2012-08-23 13:40 - 00017505 ____A C:\Users\Owner\Downloads\hijackthis.log
    2012-08-23 13:37 - 2012-08-23 13:37 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2012-08-23 13:34 - 2012-08-23 13:34 - 00509440 ____A (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo.exe
    2012-08-23 13:34 - 2012-08-23 13:34 - 00509440 ____A (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (1).exe
    2012-08-22 23:23 - 2012-08-22 23:23 - 00002033 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-08-22 23:11 - 2012-08-22 23:11 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-08-22 23:11 - 2012-08-22 23:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-08-22 23:11 - 2012-08-22 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-22 23:11 - 2012-08-22 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-22 23:11 - 2012-08-22 23:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-22 23:11 - 2012-08-22 23:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-22 23:11 - 2012-08-22 23:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-08-22 23:11 - 2012-08-22 23:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-08-22 23:11 - 2012-08-22 23:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-08-22 23:11 - 2012-08-22 23:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-08-22 23:08 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-08-22 23:08 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-08-22 14:43 - 2012-08-22 14:43 - 00000000 ____D C:\Users\Owner\Application Data\Malwarebytes
    2012-08-22 14:43 - 2012-08-22 14:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2012-08-22 12:18 - 2012-08-22 17:33 - 00000000 ____D C:\Users\Owner\Documents\SSQQ Salsa Team II
    2012-08-22 12:04 - 2012-08-22 12:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-22 12:04 - 2012-08-22 12:04 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-22 12:04 - 2012-08-22 12:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 12:04 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-21 06:19 - 2012-08-21 06:20 - 00000000 ____D C:\Users\Owner\Application Data\HandBrake
    2012-08-21 06:19 - 2012-08-21 06:20 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HandBrake
    2012-08-21 06:19 - 2012-08-21 06:19 - 00001026 ____A C:\Users\Owner\Desktop\Handbrake.lnk
    2012-08-21 06:19 - 2012-08-21 06:19 - 00001026 ____A C:\Users\Dance 'N' Date Guest\Desktop\Handbrake.lnk
    2012-08-21 06:19 - 2012-08-21 06:19 - 00000000 ____D C:\Users\Owner\AppData\Local\HandBrake
    2012-08-21 06:19 - 2012-08-21 06:19 - 00000000 ____D C:\Program Files (x86)\Handbrake
    2012-08-21 02:11 - 2012-08-21 02:23 - 00000000 ____D C:\Users\Owner\Documents\Daddy
    2012-08-19 20:08 - 2012-08-19 22:09 - 00002111 ____A C:\Users\Owner\Desktop\Alex.plist
    2012-08-19 10:43 - 2012-08-19 12:28 - 00000186 ____A C:\Users\Owner\Desktop\anti-anti-ssm.url
    2012-08-17 21:54 - 2012-08-17 21:54 - 00000000 ____D C:\Users\Owner\Desktop\absinthe-win-2.0.4
    2012-08-16 15:38 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-08-16 15:10 - 2012-08-16 15:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-16 07:52 - 2012-08-16 07:52 - 00011046 ____A C:\Windows\SysWOW64\hs_err_pid18820.log
    2012-08-16 07:51 - 2012-08-16 07:51 - 00011046 ____A C:\Windows\SysWOW64\hs_err_pid18672.log
    2012-08-15 12:35 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 12:35 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 12:34 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 12:34 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 12:34 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 12:34 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-15 12:33 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 12:33 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 12:33 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 12:33 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 12:33 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 12:32 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 12:32 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-14 14:56 - 2012-08-14 14:56 - 00011568 ____A C:\Users\Owner\Desktop\hs_err_pid1812.log
    2012-08-14 14:56 - 2012-08-14 14:56 - 00011567 ____A C:\Users\Owner\Desktop\hs_err_pid8108.log
    2012-08-14 14:55 - 2012-08-14 14:55 - 00011574 ____A C:\Users\Owner\Desktop\hs_err_pid12184.log
    2012-08-14 14:55 - 2012-08-14 14:55 - 00011566 ____A C:\Users\Owner\Desktop\hs_err_pid8924.log
    2012-08-14 14:54 - 2012-08-14 14:54 - 00011643 ____A C:\Users\Owner\Desktop\hs_err_pid16340.log
    2012-08-14 14:54 - 2012-08-14 14:54 - 00011571 ____A C:\Users\Owner\Desktop\hs_err_pid8524.log
    2012-08-09 15:54 - 2012-08-09 15:54 - 00011039 ____A C:\Windows\SysWOW64\hs_err_pid13252.log
    2012-08-08 13:56 - 2012-03-19 15:53 - 00001451 ____A C:\Windows\System32\Drivers\etc\hosts.20120808-165626.backup
    2012-08-08 12:53 - 2012-08-08 12:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-05 21:18 - 2012-08-05 21:31 - 00000000 ____D C:\Users\Owner\.explorer.cache
    2012-07-31 18:54 - 2012-07-31 18:54 - 00000000 ____D C:\Users\Owner\Application Data\com.adobe.DC3Module.AdobeADC
    2012-07-31 18:54 - 2012-07-31 18:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.adobe.DC3Module.AdobeADC

    ==================== 3 Months Modified Files ================================

    2012-08-29 23:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-29 23:13 - 2009-07-13 20:51 - 00061836 ____A C:\Windows\setupact.log
    2012-08-29 23:02 - 2011-12-21 19:20 - 01650407 ____A C:\Windows\WindowsUpdate.log
    2012-08-29 23:00 - 2012-08-29 23:00 - 00000899 ____A C:\Users\All Users\tjvqbaa.tmp
    2012-08-29 22:51 - 2009-07-13 21:13 - 00786790 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-29 22:49 - 2012-02-09 17:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000UA.job
    2012-08-29 05:46 - 2012-08-29 05:45 - 01449745 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2012-08-28 21:29 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-28 21:29 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-28 21:16 - 2012-08-28 21:16 - 00030973 ____A C:\ComboFix.txt
    2012-08-28 21:11 - 2012-07-12 12:27 - 00003802 _RASH C:\Users\All Users\ntuser.pol
    2012-08-28 21:11 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-08-28 21:10 - 2010-11-20 19:47 - 00014890 ____A C:\Windows\PFRO.log
    2012-08-28 20:51 - 2012-08-28 20:50 - 04739810 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
    2012-08-28 19:59 - 2012-02-09 17:24 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000Core.job
    2012-08-28 00:08 - 2012-08-28 20:55 - 00002060 ____A C:\Users\Owner\Desktop\RKreport[20] - Copy.txt
    2012-08-28 00:08 - 2012-08-28 00:08 - 00002060 ____A C:\Users\Owner\Desktop\RKreport[20].txt
    2012-08-27 23:31 - 2012-08-27 23:31 - 00002041 ____A C:\Users\Owner\Desktop\RKreport[19].txt
    2012-08-27 21:37 - 2012-08-27 21:37 - 00002022 ____A C:\Users\Owner\Desktop\RKreport[18].txt
    2012-08-27 21:31 - 2012-08-27 21:31 - 00001599 ____A C:\Users\Owner\Desktop\RKreport[17].txt
    2012-08-27 21:28 - 2012-08-28 20:55 - 00001984 ____A C:\Users\Owner\Desktop\RKreport[16] - Copy.txt
    2012-08-27 21:28 - 2012-08-27 21:28 - 00886784 ____A (Tigzy) C:\Users\Owner\Downloads\WhyIGotInfected.exe
    2012-08-27 21:28 - 2012-08-27 21:28 - 00001984 ____A C:\Users\Owner\Desktop\RKreport[16].txt
    2012-08-27 21:25 - 2012-08-28 20:55 - 00001559 ____A C:\Users\Owner\Desktop\RKreport[15] - Copy.txt
    2012-08-27 21:25 - 2012-08-27 21:25 - 00001559 ____A C:\Users\Owner\Desktop\RKreport[15].txt
    2012-08-27 21:24 - 2012-08-27 21:24 - 00001944 ____A C:\Users\Owner\Desktop\RKreport[14].txt
    2012-08-27 20:50 - 2012-08-27 20:50 - 00001906 ____A C:\Users\Owner\Desktop\RKreport[12].txt
    2012-08-27 20:50 - 2012-08-27 20:50 - 00001521 ____A C:\Users\Owner\Desktop\RKreport[13].txt
    2012-08-27 20:32 - 2012-08-27 20:32 - 00001866 ____A C:\Users\Owner\Desktop\RKreport[10].txt
    2012-08-27 20:32 - 2012-08-27 20:32 - 00001483 ____A C:\Users\Owner\Desktop\RKreport[11].txt
    2012-08-27 20:17 - 2012-08-27 20:17 - 00001996 ____A C:\Users\Owner\Desktop\RKreport[9].txt
    2012-08-27 20:13 - 2012-08-27 20:13 - 00001974 ____A C:\Users\Owner\Desktop\RKreport[8].txt
    2012-08-27 20:10 - 2012-08-27 20:10 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller.exe
    2012-08-27 20:10 - 2012-08-27 20:10 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller (2).exe
    2012-08-27 20:09 - 2012-08-27 20:09 - 01320960 ____A C:\Users\Owner\Downloads\RogueKiller (1).exe
    2012-08-25 01:21 - 2012-08-25 01:21 - 00001839 ____A C:\Users\Owner\Desktop\RKreport[7].txt
    2012-08-25 01:16 - 2012-08-25 01:16 - 00001956 ____A C:\Users\Owner\Desktop\RKreport[6].txt
    2012-08-25 01:11 - 2012-08-25 01:11 - 00002108 ____A C:\Users\Owner\Desktop\RKreport[5].txt
    2012-08-24 10:28 - 2012-08-29 05:23 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\TDSSKiller.exe
    2012-08-23 14:10 - 2012-08-23 14:10 - 00001783 ____A C:\Users\Owner\Desktop\RKreport[4].txt
    2012-08-23 14:06 - 2012-08-23 14:06 - 00000720 ____A C:\Users\Owner\Desktop\RKreport[3].txt
    2012-08-23 14:05 - 2012-08-23 14:05 - 00003497 ____A C:\Users\Owner\Desktop\RKreport[2].txt
    2012-08-23 14:01 - 2012-08-23 14:01 - 00003201 ____A C:\Users\Owner\Desktop\RKreport[1].txt
    2012-08-23 13:44 - 2012-08-23 13:44 - 00028966 ____A C:\Users\Owner\Desktop\DDS.txt
    2012-08-23 13:44 - 2012-08-23 13:44 - 00013741 ____A C:\Users\Owner\Desktop\Attach.txt
    2012-08-23 13:41 - 2012-08-23 13:41 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
    2012-08-23 13:41 - 2012-08-23 13:41 - 00017505 ____A C:\Users\Owner\Desktop\hijackthis.log
    2012-08-23 13:40 - 2012-08-23 13:40 - 00017505 ____A C:\Users\Owner\Downloads\hijackthis.log
    2012-08-23 13:37 - 2012-08-23 13:37 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2012-08-23 13:34 - 2012-08-23 13:34 - 00509440 ____A (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo.exe
    2012-08-23 13:34 - 2012-08-23 13:34 - 00509440 ____A (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (1).exe
    2012-08-23 12:40 - 2012-01-13 07:55 - 00000132 ____A C:\Users\Owner\Application Data\Adobe PNG Format CS5 Prefs
    2012-08-23 12:40 - 2012-01-13 07:55 - 00000132 ____A C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-08-22 23:23 - 2012-08-22 23:23 - 00002033 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-08-22 23:11 - 2012-08-22 23:11 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-08-22 23:11 - 2012-08-22 23:11 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-08-22 23:11 - 2012-08-22 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-22 23:11 - 2012-08-22 23:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-22 23:11 - 2012-08-22 23:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-22 23:11 - 2012-08-22 23:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-22 23:11 - 2012-08-22 23:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-08-22 23:11 - 2012-08-22 23:11 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-08-22 23:11 - 2012-08-22 23:11 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-08-22 23:11 - 2012-08-22 23:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-08-22 23:11 - 2012-08-22 23:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-08-22 23:11 - 2012-08-22 23:11 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-08-22 23:11 - 2012-01-05 17:08 - 00005159 ____A C:\Windows\IE9_main.log
    2012-08-22 12:04 - 2012-08-22 12:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-21 21:50 - 2012-02-28 10:10 - 00002457 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
    2012-08-21 06:19 - 2012-08-21 06:19 - 00001026 ____A C:\Users\Owner\Desktop\Handbrake.lnk
    2012-08-21 06:19 - 2012-08-21 06:19 - 00001026 ____A C:\Users\Dance 'N' Date Guest\Desktop\Handbrake.lnk
    2012-08-19 22:09 - 2012-08-19 20:08 - 00002111 ____A C:\Users\Owner\Desktop\Alex.plist
    2012-08-19 12:28 - 2012-08-19 10:43 - 00000186 ____A C:\Users\Owner\Desktop\anti-anti-ssm.url
    2012-08-19 10:33 - 2012-01-27 22:31 - 00000622 ____A C:\Users\Owner\Desktop\TakeOwnership.zip
    2012-08-16 21:19 - 2012-02-02 23:38 - 00800288 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-16 15:47 - 2009-07-13 20:45 - 05003536 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-16 15:00 - 2012-01-05 17:04 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-16 07:52 - 2012-08-16 07:52 - 00011046 ____A C:\Windows\SysWOW64\hs_err_pid18820.log
    2012-08-16 07:51 - 2012-08-16 07:51 - 00011046 ____A C:\Windows\SysWOW64\hs_err_pid18672.log
    2012-08-14 14:56 - 2012-08-14 14:56 - 00011568 ____A C:\Users\Owner\Desktop\hs_err_pid1812.log
    2012-08-14 14:56 - 2012-08-14 14:56 - 00011567 ____A C:\Users\Owner\Desktop\hs_err_pid8108.log
    2012-08-14 14:55 - 2012-08-14 14:55 - 00011574 ____A C:\Users\Owner\Desktop\hs_err_pid12184.log
    2012-08-14 14:55 - 2012-08-14 14:55 - 00011566 ____A C:\Users\Owner\Desktop\hs_err_pid8924.log
    2012-08-14 14:54 - 2012-08-14 14:54 - 00011643 ____A C:\Users\Owner\Desktop\hs_err_pid16340.log
    2012-08-14 14:54 - 2012-08-14 14:54 - 00011571 ____A C:\Users\Owner\Desktop\hs_err_pid8524.log
    2012-08-09 15:54 - 2012-08-09 15:54 - 00011039 ____A C:\Windows\SysWOW64\hs_err_pid13252.log
    2012-08-08 12:53 - 2012-08-08 12:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-08 12:53 - 2012-01-05 16:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-30 15:52 - 2012-07-03 11:08 - 00010817 ____A C:\Users\Owner\Desktop\02 - Sun Sun Babae.aup
    2012-07-24 01:25 - 2012-07-24 01:25 - 00000431 ____A C:\Users\Owner\Desktop\ZORRO Shirt (authentique) use on movies 9 Colors available.htm
    2012-07-24 01:25 - 2012-07-24 01:25 - 00000431 ____A C:\Users\Owner\Desktop\ZORRO Shirt (authentique) use on movies 9 Colors available (2).htm
    2012-07-24 01:19 - 2012-07-24 01:19 - 00076889 ____A C:\Users\Owner\Downloads\ZORRO Shirt (authentique) use on movies 9 Colors available.htm
    2012-07-21 10:00 - 2012-07-21 10:00 - 00003584 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-21 09:55 - 2012-07-21 09:55 - 00033019 ____A C:\Windows\SysWOW64\CoreAAC-uninstall.exe
    2012-07-21 09:53 - 2012-07-21 09:53 - 00000998 ____A C:\Users\Dance 'N' Date Guest\Desktop\Avi2Dvd.lnk
    2012-07-18 10:15 - 2012-08-15 12:32 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-16 23:15 - 2012-07-16 23:15 - 00201576 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-07-12 12:28 - 2012-02-23 14:32 - 00000998 ____A C:\Users\Owner\Desktop\MakeMKV.lnk
    2012-07-12 11:51 - 2012-07-12 11:51 - 04474022 ____A (GuinpinSoft inc) C:\Users\Owner\Downloads\Setup_MakeMKV_v1.7.6.exe
    2012-07-10 20:53 - 2012-07-10 20:52 - 00001341 ____A C:\Users\Owner\Desktop\Cancel Shutdown.lnk
    2012-07-10 20:46 - 2012-01-11 15:47 - 00116704 ____A C:\Users\Dance 'N' Date Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-10 20:43 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-10 20:39 - 2012-07-10 20:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6CBD39514E8CBF0
    2012-07-10 20:38 - 2012-02-02 23:39 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-08 00:22 - 2012-02-27 13:32 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-07-06 12:07 - 2012-08-16 15:38 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-04 14:16 - 2012-08-15 12:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 12:33 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 12:33 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 12:33 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 12:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-03 10:46 - 2012-08-22 12:04 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 20:58 - 2012-07-02 20:57 - 20928200 ____A (Audacity Team ) C:\Users\Owner\Downloads\audacity-win-2.0.1.exe
    2012-06-28 19:58 - 2012-06-28 19:58 - 00052736 ____A (Technic) C:\Users\Owner\Downloads\TechnicLauncher.exe
    2012-06-26 23:04 - 2012-06-26 22:49 - 00002333 ____A C:\Users\Owner\Desktop\Alex4.plist
    2012-06-26 23:04 - 2012-06-17 22:03 - 00002333 ____A C:\Users\Owner\Desktop\Alex2.plist
    2012-06-26 22:49 - 2012-06-21 22:39 - 00002325 ____A C:\Users\Owner\Desktop\Alex3.plist
    2012-06-21 20:11 - 2012-06-21 20:11 - 00459468 ____A C:\Users\Owner\Downloads\[kat.ph]psych.season.6.complete.hdtv.xvid.mp3.x264.torrent
    2012-06-21 19:41 - 2012-06-21 19:41 - 00000017 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg
    2012-06-20 11:54 - 2012-06-20 11:53 - 01314059 ____A (Ashisoft ) C:\Users\Owner\Downloads\mp3_dfsetup (5).exe
    2012-06-17 16:02 - 2012-06-17 12:49 - 09620104 ____A C:\Users\Owner\Downloads\walltemplate.psd
    2012-06-17 13:17 - 2012-06-17 13:17 - 00032393 ____A C:\Users\Owner\Downloads\Psych - The Complete Season 5 [HDTV] [h33t].torrent
    2012-06-17 13:17 - 2012-06-17 13:17 - 00032393 ____A C:\Users\Owner\Downloads\Psych - The Complete Season 5 [HDTV] [h33t] (1).torrent
    2012-06-17 13:16 - 2012-06-17 13:15 - 00281056 ____A C:\Users\Owner\Downloads\Psych_Season_5_Complete_HDTV_Rips (1).exe
    2012-06-17 13:15 - 2012-06-17 13:15 - 00242912 ____A C:\Users\Owner\Downloads\Psych_Season_5_Complete_HDTV_Rips.exe
    2012-06-13 23:49 - 2012-06-11 00:01 - 00005768 ____A C:\Users\Owner\Desktop\Widget.html
    2012-06-10 23:13 - 2012-06-10 20:44 - 01141718 ____A C:\Users\Owner\Desktop\new background.psd
    2012-06-08 21:43 - 2012-07-10 20:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 20:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-08 13:29 - 2012-06-08 13:28 - 01314059 ____A (Ashisoft ) C:\Users\Owner\Downloads\mp3_dfsetup (4).exe
    2012-06-05 22:06 - 2012-07-10 20:27 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 20:27 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 20:27 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 20:27 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 20:27 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 20:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 17:25 - 2012-06-02 17:25 - 00000000 ____A C:\Users\Owner\Desktop\com.saurik.mobilesubstrate.dat
    2012-06-02 14:19 - 2012-06-22 06:06 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 06:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 06:06 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 06:06 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 06:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 06:06 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 06:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 06:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 06:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0857600 ____A (Microsoft Corporation) 6F741C830A9333B3877B43B72AC7C70E

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-20 12:49:55
    Restore point made on: 2012-08-22 23:08:59
    Restore point made on: 2012-08-27 19:45:51

    ==================== Memory info ===========================

    Percentage of memory in use: 8%
    Total physical RAM: 12267.45 MB
    Available physical RAM: 11225.82 MB
    Total Pagefile: 12265.64 MB
    Available Pagefile: 11220.63 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions ============================

    1 Drive c: (Windows) (Fixed) (Total:1397.07 GB) (Free:518.68 GB) NTFS
    3 Drive f: (CORSAIR) (Removable) (Total:3.77 GB) (Free:0.15 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 Online 3872 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 MB 1024 KB
    Partition 2 Primary 1397 GB 201 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 200 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3871 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F CORSAIR FAT32 Removable 3871 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-27 17:12

    ==================== End Of Log =============================
     
  13. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [screenshot: CFScript.txt being dragged onto ComboFix.exe]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If asked whether you would like to update the Avast virus database please do.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    [screenshot: aswMBR scan window]
    ----------

    Please post the logs made by ComboFix and aswMBR. :)
     
  14. SmartAlx

    SmartAlx Thread Starter

    Joined:
    Aug 23, 2012
    Messages:
    37
    ComboFix 12-08-30.05 - Owner 08/30/2012 15:28:37.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12267.9532 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\All Users\tjvqbaa.tmp"
    "c:\windows\system32\services.exe.D6CBD39514E8CBF0"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\GetRight\GRbrowse.htm
    c:\program files (x86)\GetRight\GRdownload.htm
    c:\programdata\tjvqbaa.tmp
    c:\users\All Users\tjvqbaa.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\~DFK3ad0c7.tmp
    c:\users\Owner\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Owner\AppData\Roaming\Microsoft\bass.dll
    c:\users\Owner\AppData\Roaming\Microsoft\engine_ag.dll
    c:\users\Owner\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Owner\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Owner\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Owner\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Owner\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Owner\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\windows\system32\services.exe.D6CBD39514E8CBF0
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-30 20:35 . 2012-08-30 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-30 20:35 . 2012-08-30 20:35 -------- d-----w- c:\users\Dance 'N' Date Guest\AppData\Local\temp
    2012-08-30 10:18 . 2012-08-30 10:18 -------- d-----w- C:\FRST
    2012-08-30 08:23 . 2012-08-30 08:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
    2012-08-30 08:23 . 2010-12-24 16:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-08-30 08:22 . 2012-08-30 08:23 -------- d-----w- c:\program files (x86)\Streaming Audio Recorder
    2012-08-30 05:50 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB0D1E52-3628-4E98-8C23-02DF4FF95386}\mpengine.dll
    2012-08-29 05:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-23 07:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-08-23 07:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-08-22 22:43 . 2012-08-22 22:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-08-22 20:04 . 2012-08-22 20:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-22 20:04 . 2012-08-22 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 20:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 14:19 . 2012-08-21 14:20 -------- d-----w- c:\users\Owner\AppData\Roaming\HandBrake
    2012-08-21 14:19 . 2012-08-21 14:19 -------- d-----w- c:\users\Owner\AppData\Local\HandBrake
    2012-08-21 14:19 . 2012-08-21 14:19 -------- d-----w- c:\program files (x86)\Handbrake
    2012-08-16 23:38 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-16 23:10 . 2012-08-16 23:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-15 20:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 20:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 20:34 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 20:34 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 20:34 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 20:34 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 20:33 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 20:33 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 20:33 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 20:33 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 20:32 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 20:32 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-08 20:53 . 2012-08-08 20:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-06 05:18 . 2012-08-06 05:27 -------- d-----w- c:\users\Owner\.explorer.local
    2012-08-06 05:18 . 2012-08-06 05:31 -------- d-----w- c:\users\Owner\.explorer.cache
    2012-08-01 02:54 . 2012-08-01 02:54 -------- d-----w- c:\users\Owner\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 23:00 . 2012-01-06 01:04 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-08 20:53 . 2012-01-06 00:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 17:55 . 2012-07-21 17:55 33019 ----a-w- c:\windows\SysWow64\CoreAAC-uninstall.exe
    2012-07-11 04:43 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-06-09 05:43 . 2012-07-11 04:27 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 04:27 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 04:27 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 04:27 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 04:27 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 04:27 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 04:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 14:06 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:06 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:06 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:06 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:06 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 04:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 04:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 04:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 04:27 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 04:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 04:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 04:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 04:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 04:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2006-05-03 17:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
    2007-02-21 18:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
    2008-03-16 20:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
    2010-01-07 05:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-21 . 6F741C830A9333B3877B43B72AC7C70E . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    ((((((((((((((((((((((((((((( [email protected]_05.11.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-09 09:43 . 2012-08-30 20:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-08-09 09:43 . 2012-08-29 04:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-08-23 07:21 . 2012-08-30 20:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    - 2012-08-23 07:21 . 2012-08-29 04:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    - 2012-07-08 08:33 . 2012-08-23 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-08 08:33 . 2012-08-29 14:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-08-29 05:48 . 2012-08-29 20:02 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012082920120830\index.dat
    + 2012-08-30 20:33 . 2012-08-30 20:33 44032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F74678B0-F2E1-11E1-8237-0090F5C78EAD}.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
    "Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2012-02-14 5781554]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-30 296056]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe" [2012-08-08 686792]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BatteryDeley.lnk - c:\users\Owner\Documents\batterydeley\BatteryDeley.exe [2012-3-23 798675]
    Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-2 3079680]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/21 19:33;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 50856]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-31 15360]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-06 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 WS_Sfilter;WS_Sfilter;c:\windows\system32\DRIVERS\wsfilter.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-15 1052328]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-16 33792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-15 381248]
    S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-11-25 52664]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-22 174680]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-07-07 140816]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RTCORE64
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-09 c:\windows\Tasks\AutoKMSCustom.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-01-09 07:00]
    .
    2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 01:24]
    .
    2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220072673-4248511403-524602399-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 01:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-08 11860072]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1D1D97F0-D99D-46ED-BCD0-535078A6D82E}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
    34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
    "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
    57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{D41289F2-69C6-417B-897E-C653D677CBAF}"=hex:51,66,7a,6c,4c,1d,38,12,9c,8a,01,
    d0,f4,27,15,04,f6,68,85,13,d3,29,8f,bb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:7f,b9,95,ef,ff,80,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,23,f8,fb,eb,87,ae,42,92,f1,5d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,23,f8,fb,eb,87,ae,42,92,f1,5d,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-4220072673-4248511403-524602399-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*0*_*W*i*n*_*x*8*Ó½aZ\*€$*art_carmen_an_afternoon_to_remember_.mp4]
    "0"=hex:4f,00,4f,00,6f,00,5f,00,33,00,2e,00,33,00,2e,00,30,00,5f,00,57,00,69,
    00,6e,00,5f,00,78,00,38,00,d3,bd,61,5a,5c,01,00,80,24,00,61,72,74,5f,63,61,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\xampp\filezillaftp\filezillaserver.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\program files (x86)\Chicony\GameKeys\MODPS2KEY.EXE
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-30 15:43:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-30 20:43
    ComboFix2.txt 2012-08-29 05:16
    .
    Pre-Run: 556,318,773,248 bytes free
    Post-Run: 555,995,475,968 bytes free
    .
    - - End Of File - - 98D78D511D4DDE6C6BA759F394F75BAE



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-30 15:50:48
    -----------------------------
    15:50:48.684 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:50:48.684 Number of processors: 8 586 0x2A07
    15:50:48.684 ComputerName: OWNER-PC UserName: Owner
    15:50:53.128 Initialize success
    15:53:36.864 AVAST engine defs: 12083001
    15:58:04.801 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
     
  15. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    How is your system running?
     
Short URL to this thread: https://techguy.org/1066272