Help - Totally Infected


rabbit12 (Thread Starter; joined May 22, 2004; 54 messages)
This computer is a mess. It is telling me I have a worm infection, it runs slowly and redirects constantly and even begins talking by itself. Please help!!!!!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3830 Mb
Graphics Card: NVIDIA GeForce GT 420M, 1024 Mb
Hard Drives: C: Total - 468280 MB, Free - 292676 MB;
Motherboard: Dell Inc., 0MDPK8
Antivirus: Spyware Doctor with AntiVirus, Updated and Enabled


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:51 PM, on 11/30/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Users\will\AppData\Roaming\88366\C55A7.exe
C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
C:\Users\will\AppData\Roaming\66902\lvvm.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\will\Downloads\HijackThis(2).exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:58747
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
R3 - URLSearchHook: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
F3 - REG:win.ini: load=C:\Users\will\AppData\Roaming\66902\lvvm.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Pagemood 1.3 - {0E35554F-0623-4BAA-8521-AEE9901528B6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MovieBario - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Buzzcustom 1.4 - {97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: FreeFrog 1.0 - {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: FCTBPos00Pos - {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
O4 - HKLM\..\Run: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
O4 - HKLM\..\Run: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [C6F.exe] C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\Connectifyd.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17980 bytes
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by will at 10:48:05 on 2011-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1219 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Users\will\AppData\Roaming\88366\C55A7.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\will\AppData\Roaming\66902\lvvm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\PC Tools Security\upgrade.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58747
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
uURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=explorer.exe,C:\Users\will\AppData\Roaming\88366\C55A7.exe
uWindows: Load=C:\Users\will\AppData\Roaming\66902\lvvm.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Pagemood 1.3: {0e35554f-0623-4baa-8521-aee9901528b6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Buzzcustom 1.4: {97788fc1-b4b7-49dc-b4ad-51bfcd27a7ce} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO: FreeFrog 1.0: {a229bc5b-e7a2-447b-b015-1e7ca944978d} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: SocialRibbons LP5: {cbf3fdca-6104-1864-d931-d737d2bfc202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [C6F.exe] C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TaskTray]
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRun: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
mRun: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
mRun: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\will\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\059636F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6563647966697D2B496C6C696E67647F6E6 : DhcpNameServer = 192.168.116.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6F627 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\54163747F6E69616E6 : DhcpNameServer = 204.186.110.76 216.144.187.37
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E} : NameServer = 192.168.2.1
TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E} : NameServer = 192.168.2.1
TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C} : NameServer = 68.87.71.230,68.87.73.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Pagemood 1.3: {0E35554F-0623-4BAA-8521-AEE9901528B6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
BHO-X64: MovieBario - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Buzzcustom 1.4: {97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: FreeFrog 1.0: {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: SocialRibbons LP5: {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
BHO-X64: IncrediMail MediaBar 2 - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
TB-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TaskTray]
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRun-x64: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
mRun-x64: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
mRun-x64: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\Iminent.WebBooster.XPCOM.18.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCore.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components\PriceGongFF.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\[email protected]\components\FFHst.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npBuzzcustom.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFreeFrog.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPagemood.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-2 98208]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-9 892992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-2 1620584]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-1-13 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-1-13 1150936]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-2 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-2 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-14 1153368]
S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-28 14:49:29 -------- d-----w- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-11-28 14:37:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-11-28 14:37:12 -------- d-----w- C:\Users\will\AppData\Local\Microsoft Help
2011-11-28 08:45:17 -------- d--h--w- C:\Windows\AxInstSV
2011-11-26 18:38:20 -------- d-----w- C:\Roxio
2011-11-26 16:40:57 127 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
2011-11-26 16:38:22 284160 ----a-w- C:\Users\will\AppData\Roaming\iexplore.exe
2011-11-26 16:36:41 -------- d-----w- C:\Users\will\AppData\Roaming\66902
2011-11-26 16:36:32 98816 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\6104.tmp
2011-11-26 16:36:12 -------- d-----w- C:\Users\will\AppData\Roaming\88366
2011-11-26 16:36:10 284160 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
2011-11-26 11:17:40 -------- d-sh--w- C:\ProgramData\SecuROM
2011-11-26 11:06:37 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-11-26 11:06:08 -------- d-----w- C:\Windows\SysWow64\xlive
2011-11-26 11:06:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-11-25 19:55:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-11-25 19:55:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-11-25 19:55:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-11-25 19:55:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-11-25 19:55:02 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-11-25 19:55:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-11-25 19:55:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-11-25 19:55:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2011-11-25 19:54:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-11-25 19:54:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-11-23 20:30:33 32256 ----a-w- C:\Windows\SysWow64\J3Tl3.com
2011-11-16 20:00:47 -------- d-----we C:\Windows\system64
2011-11-12 16:19:02 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-12 16:19:02 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-12 16:19:02 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-12 16:19:02 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-12 16:19:00 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-12 16:19:00 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-12 16:17:57 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2011-11-11 21:08:46 -------- d-----w- C:\Program Files (x86)\LP
2011-11-11 20:04:04 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
2011-11-10 23:28:31 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-11-10 23:28:30 -------- d-----w- C:\ProgramData\Tarma Installer
2011-11-10 23:28:26 -------- d-----w- C:\Program Files (x86)\PlayPickle Toolbar
2011-11-09 12:18:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 12:18:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 12:18:04 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 12:18:04 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 10:58:47.07 ===============
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
Hiya rabbit12,

Do the following :-

Disable TeaTimer and leave it off for now.
1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

There is a proxy server running in Internet Explorer; if you did not set that up, do the following:

Open Internet Explorer, select Tools Menu -> Internet Options -> Connections Tab -> LAN Settings, uncheck "Use a proxy server" and check "Automatically detect settings". OK, Apply (only if applicable), OK.

Next,

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop, rename it to Gotcha.exe as below:

  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in your next reply please...

Kevin
 

rabbit12

Thread Starter
Joined
May 22, 2004
Messages
54
Kevin:

Thanks so much for the help. Here is the log from the ComboFix scan.

ComboFix 11-12-04.04 - Admin 12/04/2011 18:45:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2180 [GMT -5:00]
Running from: c:\users\Admin\Desktop\Gotcha.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\progra~2\Pagemood\PAGEmo~1.dll
c:\program files (x86)\LP
c:\program files (x86)\LP\81B8\7A9.exe
c:\program files (x86)\LP\A738\C6F.exe
c:\program files (x86)\LP\E038\92B.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\programdata\vMttfGqwJXmmgo.exe
c:\users\Admin\AppData\Roaming\88366
c:\users\Admin\AppData\Roaming\88366\6902.836
c:\users\Admin\AppData\Roaming\88366\C55A7.exe
c:\users\Admin\AppData\Roaming\iexplore.exe
c:\users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\searchplugins\bing-zugo.xml
c:\users\Will Everyday\AppData\Roaming\8327.tmp
c:\users\Will Everyday\AppData\Roaming\firefox.exe
c:\users\Will Everyday\AppData\Roaming\java.exe
c:\users\will\AppData\Roaming\iexplore.exe
c:\users\will\Uninstall.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\Tasks\At1.job
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\will\AppData\Local\temp
2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\Will Everyday\AppData\Local\temp
2011-12-05 00:35 . 2011-12-05 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 23:11 . 2011-12-04 23:11 127 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
2011-12-04 23:00 . 2011-12-04 23:00 -------- d-----w- c:\program files (x86)\66902
2011-12-02 08:46 . 2011-12-01 22:13 116224 ----a-w- c:\windows\SysWow64\J3Tl3.com
2011-11-30 21:23 . 2011-11-30 21:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-30 21:13 . 2011-11-30 21:13 285696 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
2011-11-29 21:49 . 2011-11-29 21:49 285184 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
2011-11-29 21:45 . 2011-11-29 21:45 -------- d-----w- C:\found.001
2011-11-28 14:49 . 2011-11-28 14:49 -------- d--h--w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-11-28 14:37 . 2011-11-28 14:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-11-28 14:37 . 2011-11-28 14:37 -------- d--h--w- c:\users\will\AppData\Local\Microsoft Help
2011-11-28 14:37 . 2011-11-30 21:25 -------- d-----w- c:\programdata\Microsoft Help
2011-11-28 14:36 . 2011-11-28 14:36 -------- d-----r- C:\MSOCache
2011-11-28 08:45 . 2011-11-28 11:43 -------- d--h--w- c:\windows\AxInstSV
2011-11-26 18:38 . 2011-11-26 18:38 -------- d-----w- C:\Roxio
2011-11-26 16:40 . 2011-11-26 16:40 127 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
2011-11-26 16:37 . 2011-12-04 23:11 -------- d-----w- c:\users\Admin\AppData\Roaming\66902
2011-11-26 16:37 . 2011-11-26 16:37 98816 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
2011-11-26 16:36 . 2011-11-26 16:40 -------- d--h--w- c:\users\will\AppData\Roaming\66902
2011-11-26 16:36 . 2011-11-26 16:36 98816 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
2011-11-26 16:36 . 2011-12-04 23:00 -------- d--h--w- c:\users\will\AppData\Roaming\88366
2011-11-26 16:36 . 2011-11-26 16:41 284160 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
2011-11-26 16:14 . 2011-11-26 16:14 -------- d-----w- c:\users\Admin\AppData\Local\Rockstar Games
2011-11-26 11:17 . 2011-11-26 11:17 -------- d-sh--w- c:\programdata\SecuROM
2011-11-26 11:15 . 2011-11-26 11:15 -------- d-----w- c:\users\Will Everyday\AppData\Local\Rockstar Games
2011-11-26 11:11 . 2011-11-26 11:11 -------- d--h--r- c:\users\Will Everyday\AppData\Roaming\SecuROM
2011-11-26 11:06 . 2011-11-26 11:06 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
2011-11-26 11:06 . 2011-11-26 11:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\windows\SysWow64\xlive
2011-11-25 19:55 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-25 19:55 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-11-25 19:55 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-11-25 19:55 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-25 19:55 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-11-25 19:54 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-11-25 19:54 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-20 14:06 . 2011-11-20 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2011-11-20 11:30 . 2011-12-04 23:16 276480 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
2011-11-20 03:36 . 2011-11-20 03:36 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
2011-11-19 23:07 . 2011-11-19 23:07 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
2011-11-19 15:05 . 2011-11-19 15:05 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
2011-11-18 00:24 . 2011-11-18 00:24 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
2011-11-17 09:36 . 2011-11-17 09:36 289792 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
2011-11-17 01:04 . 2011-11-17 01:04 -------- d-----w- c:\users\Admin\AppData\Local\Connectify
2011-11-13 23:37 . 2011-11-13 23:37 276480 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
2011-11-12 16:19 . 2011-11-12 16:19 -------- d-----w- c:\users\Will Everyday\AppData\Local\Skyrim
2011-11-12 16:19 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-12 16:19 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-12 16:19 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-12 16:17 . 2007-10-12 20:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-11-11 21:37 . 2011-11-11 21:37 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe
2011-11-11 20:57 . 2011-12-01 22:40 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\66902
2011-11-11 20:57 . 2011-11-11 20:57 98816 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp
2011-11-11 20:57 . 2011-12-04 23:04 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\88366
2011-11-11 20:04 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
2011-11-10 23:28 . 2011-11-10 23:28 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-11-10 23:28 . 2011-11-15 01:20 -------- d-----w- c:\program files (x86)\PlayPickle Toolbar
2011-11-09 12:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 12:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 12:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:18 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 16:50 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-26 16:50 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-01 03:25 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-09-27 23:29 . 2011-09-27 23:29 18944 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-09-27 23:29 . 2011-09-27 23:29 11264 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\MovieBario\prxtbMovi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CBF3FDCA-6104-1864-D931-D737D2BFC202}]
2011-09-27 23:28 1534976 ----a-w- c:\program files (x86)\SocialRibbons LP5\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"= "c:\program files (x86)\MovieBario\prxtbMovi.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-09-27 366024]
"BuzzUpdt.exe"="c:\program files (x86)\Buzzcustom\BuzzUpdt.exe" [2011-07-11 419328]
"FreeFrogUpdt.exe"="c:\program files (x86)\FreeFrog\FreeFrogUpdt.exe" [2011-08-30 419328]
"PageUpdt.exe"="c:\program files (x86)\Pagemood\PageUpdt.exe" [2011-07-11 419328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 21:59 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-24 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\At10.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At12.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At14.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At16.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At18.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At20.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At22.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At24.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At26.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At28.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At30.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At32.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At34.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At36.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At38.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At4.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At40.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-05 c:\windows\Tasks\At42.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At44.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At46.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At48.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At50.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At6.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At8.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005Core.job
- c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005UA.job
- c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
.
2011-11-15 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-07-05 18:14]
.
2011-06-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2011-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-07-29 6470760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-08-04 3221152]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\gotcha\CF2727.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:59333
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59333
FF - prefs.js: network.proxy.type - 1
FF - Ext: Iminent WebBooster: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Window Shopper - Powered by Superfish: [email protected] - c:\programdatamozilla\Extensions\[email protected]
FF - Ext: MSN Toolbar: [email protected] - c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKCU-Run-343.exe - c:\users\Admin\AppData\Roaming\Microsoft\A1C8\343.exe
Wow6432Node-HKCU-Run-C6F.exe - c:\users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-TaskTray - (no file)
Wow6432Node-HKLM-Run-92B.exe - c:\program files (x86)\LP\E038\92B.exe
Wow6432Node-HKLM-Run-7A9.exe - c:\program files (x86)\LP\81B8\7A9.exe
Wow6432Node-HKLM-Run-C6F.exe - c:\program files (x86)\LP\A738\C6F.exe
Toolbar-Locked - (no file)
WebBrowser-{58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3933724382-1039634698-3548269274-1006\Software\SecuROM\License information*]
"datasecu"=hex:67,52,22,31,e3,64,40,9c,3d,1b,29,58,57,97,7d,b0,59,90,74,34,91,
b3,5f,c3,6d,60,c3,23,a6,59,f5,26,b8,33,83,fe,5d,af,f2,78,f3,3f,0f,36,a7,a4,\
"rkeysecu"=hex:b2,30,b7,0a,8b,0d,24,f7,68,c9,3a,1b,0c,e8,fb,bc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2011-12-04 20:12:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-05 01:12
.
Pre-Run: 303,877,185,536 bytes free
Post-Run: 311,714,304,000 bytes free
.
- - End Of File - - 6D57CEED39588DEAB2DBF386C69BD151

rabbit12

Thread Starter
Kevin:

One more thing. The Spybot was not in his system tray so I am not sure I adequately disabled it. My son's "master" desktop which I ran the original scans from would not even load today so I could not tell if it was on that one. I ran these from an administrator account and there was no Spybot in that system tray.

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
OK, don't worry about Spybot for now, continue as follows:-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
AtJob::
File::
c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
c:\windows\SysWow64\J3Tl3.com
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
c:\windows\system32\J3Tl3.com
Folder::
C:\found.001
c:\program files (x86)\66902
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
c:\users\Admin\AppData\Roaming\66902
c:\users\will\AppData\Roaming\66902
c:\users\will\AppData\Roaming\88366
c:\program files (x86)\MovieBario
c:\program files (x86)\uTorrentBar
c:\program files (x86)\SocialRibbons LP5
c:\program files (x86)\Ask.com
c:\program files (x86)\IncrediMail_MediaBar_2
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CBF3FDCA-6104-1864-D931-D737D2BFC202}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=- 
"{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"=- 
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew] 
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:59333

Firefox::
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59333
FF - prefs.js: network.proxy.type - 1
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on
    to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check
  • Click the
    button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the
    button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs, also give update on current issues/concerns...

Kevin
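For readers following how the CFScript above was assembled from the ComboFix log, here is an added illustration (editor's example, not a ComboFix tool and not part of Kevin's post): a small Python triage script that reads ComboFix-style log lines and flags the four indicator classes the CFScript removes, namely a browser proxy forced to 127.0.0.1 in both the Internet Settings and Firefox prefs.js lines, a run of At*.job scheduled tasks that all launch the same binary, autorun entries whose target is a hex-named executable inside a hex-named folder, and Winlogon Notify subkeys. The sample log is constructed from a handful of lines in the shape of the log posted earlier in this thread; the regular expressions, the hex-name heuristic and the `min_jobs` threshold are the editor's assumptions, not ComboFix rules.

```python
"""Triage helper for ComboFix-style logs: an added illustration, not a ComboFix tool.

Flags the indicator classes the thread's CFScript removes: a browser proxy forced to
127.0.0.1 (IE and Firefox), a run of At*.job tasks that all launch one binary, autoruns
targeting a hex-named exe in a hex-named folder, and Winlogon Notify subkeys.
"""
import re
from collections import Counter

# Constructed sample shaped like the log posted earlier in the thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 21:59 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
2011-12-04 c:\windows\Tasks\At10.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
2011-12-04 c:\windows\Tasks\At12.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005Core.job
- c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
uInternet Settings,ProxyServer = http=127.0.0.1:59333
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59333
FF - prefs.js: network.proxy.type - 1
Wow6432Node-HKCU-Run-C6F.exe - c:\users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe
Wow6432Node-HKLM-Run-92B.exe - c:\program files (x86)\LP\E038\92B.exe
"""

# Heuristic patterns tuned to the naming seen in this thread (editor's assumptions).
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1:(\d+)", re.I)
FF_HOST_RE = re.compile(r"network\.proxy\.http\s*-\s*127\.0\.0\.1\s*$")
FF_PORT_RE = re.compile(r"network\.proxy\.http_port\s*-\s*(\d+)")
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job\s*$", re.I)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2}")
HEX_AUTORUN_RE = re.compile(r"\\[0-9A-F]{4}\\[0-9A-F]{3,4}\.exe", re.I)
NOTIFY_KEY_RE = re.compile(r"\\winlogon\\notify\\([^\]\\]+)\]", re.I)
DLL_PATH_RE = re.compile(r"(c:\\.*\.dll)\s*$", re.I)


def find_localhost_proxy(lines):
    """Return [(source, port)] for every browser proxy that points at the loopback."""
    hits, ff_host = [], False
    for line in lines:
        m = PROXY_RE.search(line)
        if m:
            hits.append(("Internet Settings", int(m.group(1))))
        if FF_HOST_RE.search(line):
            ff_host = True
        m = FF_PORT_RE.search(line)
        if m and ff_host:  # only a finding when the host pref was also 127.0.0.1
            hits.append(("Firefox prefs.js", int(m.group(1))))
    return hits


def find_at_job_targets(lines):
    """Count how many At*.job tasks launch each target binary (case-folded path)."""
    targets, pending = Counter(), False
    for line in lines:
        if AT_JOB_RE.search(line):
            pending = True  # the next "- <target> [date]" line belongs to this job
            continue
        if pending:
            m = TASK_TARGET_RE.match(line.strip())
            if m:
                targets[m.group(1).lower()] += 1
            pending = False
    return targets


def find_hex_named_autoruns(lines):
    """Return lines whose target has a hex-only folder and file name (A738 and C6F.exe)."""
    return [line.strip() for line in lines if HEX_AUTORUN_RE.search(line)]


def find_winlogon_notify(lines):
    """Return [(subkey, dll)] for Winlogon Notify keys followed by their DLL line."""
    hits, pending = [], None
    for line in lines:
        m = NOTIFY_KEY_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        if pending:
            m = DLL_PATH_RE.search(line)
            if m:
                hits.append((pending, m.group(1)))
            pending = None
    return hits


def triage(log_text, min_jobs=2):
    """Run all checks; At*.job targets are reported once min_jobs tasks share them."""
    lines = log_text.splitlines()
    jobs = find_at_job_targets(lines)
    return {
        "localhost_proxy": find_localhost_proxy(lines),
        "at_job_targets": {t: n for t, n in jobs.items() if n >= min_jobs},
        "hex_named_autoruns": find_hex_named_autoruns(lines),
        "winlogon_notify": find_winlogon_notify(lines),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(f"{category}: {findings}")
```

Each finding maps onto a CFScript section: the proxy hits become the DDS:: and Firefox:: lines, the shared At*.job target becomes a File:: entry (with AtJob:: clearing the jobs themselves), the hex-named autoruns become File:: and Registry:: entries, and the Notify subkey becomes the `[-HKEY_LOCAL_MACHINE\...\winlogon\notify\klartew]` deletion. The GoogleUpdate task in the sample is deliberately not an At*.job, so it is never counted.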

rabbit12

Thread Starter
Kevin:

Here are the logs. I had uninstalled the Ask toolbar as well as the uTorrent and the MovieBario last night so those will not appear on the deleted list. Before running the ESET scan I was still getting redirected when pulling up webpages but that is likely due to all the trojans. I would love to get rid of WeatherBug and the IncrediMail programs too. There is no uninstall for the WeatherBug and I have not yet checked the IncrediMail but will later.

ComboFix 11-12-04.04 - Admin 12/05/2011 8:08.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2261 [GMT -5:00]
Running from: c:\users\Admin\Desktop\Gotcha.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp"
"c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe"
"c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe"
"c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp"
"c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat"
"c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll"
"c:\windows\system32\J3Tl3.com"
"c:\windows\SysWow64\J3Tl3.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.001
c:\found.001\file0000.chk
c:\program files (x86)\66902
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_8ee0.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\IncrediMail_MediaBar_2
c:\program files (x86)\IncrediMail_MediaBar_2\GottenAppsContextMenu.xml
c:\program files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper.exe
c:\program files (x86)\IncrediMail_MediaBar_2\ldrtbIncr.dll
c:\program files (x86)\IncrediMail_MediaBar_2\OtherAppsContextMenu.xml
c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
c:\program files (x86)\IncrediMail_MediaBar_2\SharedAppsContextMenu.xml
c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll
c:\program files (x86)\IncrediMail_MediaBar_2\toolbar.cfg
c:\program files (x86)\IncrediMail_MediaBar_2\ToolbarContextMenu.xml
c:\program files (x86)\IncrediMail_MediaBar_2\uninstall.exe
c:\program files (x86)\SocialRibbons LP5
c:\program files (x86)\SocialRibbons LP5\aboutTabs.7.js
c:\program files (x86)\SocialRibbons LP5\aboutTabs.8.js
c:\program files (x86)\SocialRibbons LP5\audio.bmp
c:\program files (x86)\SocialRibbons LP5\banner_container.html
c:\program files (x86)\SocialRibbons LP5\bookmark_off.bmp
c:\program files (x86)\SocialRibbons LP5\bookmark_on.bmp
c:\program files (x86)\SocialRibbons LP5\bookmarksplugin.dll
c:\program files (x86)\SocialRibbons LP5\bubble_permissions.html
c:\program files (x86)\SocialRibbons LP5\build
c:\program files (x86)\SocialRibbons LP5\caching_banner.html
c:\program files (x86)\SocialRibbons LP5\chevron.bmp
c:\program files (x86)\SocialRibbons LP5\component.xsl
c:\program files (x86)\SocialRibbons LP5\default.xml
c:\program files (x86)\SocialRibbons LP5\efolder.bmp
c:\program files (x86)\SocialRibbons LP5\email.bmp
c:\program files (x86)\SocialRibbons LP5\email2.bmp
c:\program files (x86)\SocialRibbons LP5\emailchecker_plugin.dll
c:\program files (x86)\SocialRibbons LP5\facebook.feature
c:\program files (x86)\SocialRibbons LP5\fbrss.xsl
c:\program files (x86)\SocialRibbons LP5\ff.xsl
c:\program files (x86)\SocialRibbons LP5\folder.bmp
c:\program files (x86)\SocialRibbons LP5\Helper.dll
c:\program files (x86)\SocialRibbons LP5\icons.bmp
c:\program files (x86)\SocialRibbons LP5\iefavelem.bmp
c:\program files (x86)\SocialRibbons LP5\images\amazon.bmp
c:\program files (x86)\SocialRibbons LP5\images\ebay.bmp
c:\program files (x86)\SocialRibbons LP5\images\email.bmp
c:\program files (x86)\SocialRibbons LP5\images\email2.bmp
c:\program files (x86)\SocialRibbons LP5\images\msgbox\down.gif
c:\program files (x86)\SocialRibbons LP5\images\msgbox\hr.bmp
c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark_do.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark_na.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\navbg.bmp
c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh_do.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh_na.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash_do.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash_na.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark_do.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark_na.png
c:\program files (x86)\SocialRibbons LP5\images\msgbox\up.gif
c:\program files (x86)\SocialRibbons LP5\images\ticker\left.gif
c:\program files (x86)\SocialRibbons LP5\images\ticker\right.gif
c:\program files (x86)\SocialRibbons LP5\images\weather\0.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\1.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\10.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\11.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\12.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\13.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\14.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\15.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\16.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\17.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\18.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\19.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\2.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\20.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\21.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\22.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\23.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\24.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\25.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\26.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\27.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\28.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\29.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\3.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\30.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\31.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\32.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\33.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\34.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\35.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\36.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\37.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\38.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\39.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\4.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\40.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\41.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\42.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\43.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\44.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\45.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\46.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\47.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\5.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\6.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\7.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\8.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\9.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\hr.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\na.bmp
c:\program files (x86)\SocialRibbons LP5\images\weather\png\0.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\1.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\10.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\11.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\12.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\13.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\14.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\15.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\16.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\17.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\18.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\19.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\2.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\20.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\21.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\22.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\23.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\24.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\25.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\26.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\27.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\28.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\29.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\3.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\30.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\31.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\32.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\33.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\34.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\35.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\36.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\37.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\38.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\39.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\4.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\40.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\41.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\42.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\43.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\44.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\45.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\46.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\47.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\5.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\6.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\7.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\8.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\9.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\na.png
c:\program files (x86)\SocialRibbons LP5\images\weather\png\Thumbs.db
c:\program files (x86)\SocialRibbons LP5\images\wikipedia.bmp
c:\program files (x86)\SocialRibbons LP5\images\yahoo.bmp
c:\program files (x86)\SocialRibbons LP5\localization.xml
c:\program files (x86)\SocialRibbons LP5\location.xsl
c:\program files (x86)\SocialRibbons LP5\magglass.ico
c:\program files (x86)\SocialRibbons LP5\manage_bookmarks.html
c:\program files (x86)\SocialRibbons LP5\marquee.html
c:\program files (x86)\SocialRibbons LP5\marquee_permissions.html
c:\program files (x86)\SocialRibbons LP5\messaging.bmp
c:\program files (x86)\SocialRibbons LP5\minus.bmp
c:\program files (x86)\SocialRibbons LP5\msgbox_bubble.tmpl
c:\program files (x86)\SocialRibbons LP5\msgbox_openmsg.tmpl
c:\program files (x86)\SocialRibbons LP5\msgboxplugin.dll
c:\program files (x86)\SocialRibbons LP5\offline.html
c:\program files (x86)\SocialRibbons LP5\patch.bat
c:\program files (x86)\SocialRibbons LP5\plus.bmp
c:\program files (x86)\SocialRibbons LP5\podcast.bmp
c:\program files (x86)\SocialRibbons LP5\podcast.xsl
c:\program files (x86)\SocialRibbons LP5\radio.bmp
c:\program files (x86)\SocialRibbons LP5\RadioPlugin.dll
c:\program files (x86)\SocialRibbons LP5\resize.bmp
c:\program files (x86)\SocialRibbons LP5\rssfeed.bmp
c:\program files (x86)\SocialRibbons LP5\RSSReader_plugin.dll
c:\program files (x86)\SocialRibbons LP5\search.xsl
c:\program files (x86)\SocialRibbons LP5\SearchComponent.dll
c:\program files (x86)\SocialRibbons LP5\settings
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_playcntrl_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_playcntrl_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_down.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_volcntrl_over.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_volcntrl_up.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer1.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer2.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer3.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer4.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer5.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer6.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\playcntrl_bg.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_mask.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_minimalized.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_minimalized_mask.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\station.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_01.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_02.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_03.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\volslide_bg.bmp
c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\volslide_track.bmp
c:\program files (x86)\SocialRibbons LP5\star_on.gif
c:\program files (x86)\SocialRibbons LP5\ticker.html
c:\program files (x86)\SocialRibbons LP5\Toolbar.dll
c:\program files (x86)\SocialRibbons LP5\TroubleShooter.exe
c:\program files (x86)\SocialRibbons LP5\Uninst.exe
c:\program files (x86)\SocialRibbons LP5\update_progress.html
c:\program files (x86)\SocialRibbons LP5\version.txt
c:\program files (x86)\SocialRibbons LP5\version.xsl
c:\program files (x86)\SocialRibbons LP5\weather_bubble.tmpl
c:\program files (x86)\SocialRibbons LP5\weatherplugin.dll
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log
c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log
c:\users\Admin\AppData\Roaming\66902
c:\users\Admin\AppData\Roaming\66902\lvvm.exe
c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
c:\users\will\AppData\Roaming\66902
c:\users\will\AppData\Roaming\66902\lvvm.exe
c:\users\will\AppData\Roaming\88366
c:\users\will\AppData\Roaming\88366\6902.836
c:\users\will\AppData\Roaming\88366\95B0E.exe
c:\users\will\AppData\Roaming\88366\C55A7.exe
c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
c:\windows\SysWow64\J3Tl3.com
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\Will Everyday\AppData\Local\temp
2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\will\AppData\Local\temp
2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 23:32 . 2011-12-05 01:13 -------- d-----w- C:\Gotcha
2011-11-30 21:23 . 2011-11-30 21:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-28 14:37 . 2011-11-28 14:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-11-28 14:37 . 2011-11-28 14:37 -------- d--h--w- c:\users\will\AppData\Local\Microsoft Help
2011-11-28 14:37 . 2011-11-30 21:25 -------- d-----w- c:\programdata\Microsoft Help
2011-11-28 14:36 . 2011-11-28 14:36 -------- d-----r- C:\MSOCache
2011-11-28 08:45 . 2011-11-28 11:43 -------- d--h--w- c:\windows\AxInstSV
2011-11-26 18:38 . 2011-11-26 18:38 -------- d-----w- C:\Roxio
2011-11-26 16:14 . 2011-11-26 16:14 -------- d-----w- c:\users\Admin\AppData\Local\Rockstar Games
2011-11-26 11:17 . 2011-11-26 11:17 -------- d-sh--w- c:\programdata\SecuROM
2011-11-26 11:15 . 2011-11-26 11:15 -------- d-----w- c:\users\Will Everyday\AppData\Local\Rockstar Games
2011-11-26 11:11 . 2011-11-26 11:11 -------- d--h--r- c:\users\Will Everyday\AppData\Roaming\SecuROM
2011-11-26 11:06 . 2011-11-26 11:06 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
2011-11-26 11:06 . 2011-11-26 11:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\windows\SysWow64\xlive
2011-11-25 19:55 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-25 19:55 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-11-25 19:55 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-11-25 19:55 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-25 19:55 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-25 19:55 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-11-25 19:54 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-11-25 19:54 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-20 14:06 . 2011-11-20 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2011-11-17 01:04 . 2011-11-17 01:04 -------- d-----w- c:\users\Admin\AppData\Local\Connectify
2011-11-12 16:19 . 2011-11-12 16:19 -------- d-----w- c:\users\Will Everyday\AppData\Local\Skyrim
2011-11-12 16:19 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-12 16:19 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-12 16:19 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-12 16:19 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-12 16:17 . 2007-10-12 20:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-11-11 21:37 . 2011-11-11 21:37 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe
2011-11-11 20:57 . 2011-12-01 22:40 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\66902
2011-11-11 20:57 . 2011-11-11 20:57 98816 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp
2011-11-11 20:57 . 2011-12-04 23:04 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\88366
2011-11-11 20:04 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
2011-11-10 23:28 . 2011-11-10 23:28 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-11-10 23:28 . 2011-11-15 01:20 -------- d-----w- c:\program files (x86)\PlayPickle Toolbar
2011-11-09 12:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 12:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 12:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:18 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 16:50 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-26 16:50 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-01 03:25 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-09-27 23:29 . 2011-09-27 23:29 18944 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-09-27 23:29 . 2011-09-27 23:29 11264 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-05_00.41.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-02 19:05 . 2011-12-05 14:30 55142 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-04 23:17 36240 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-05 01:24 36240 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-25 10:42 . 2011-12-04 23:15 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 10:42 . 2011-12-05 12:55 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 10:42 . 2011-12-04 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 10:42 . 2011-12-05 12:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-04 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-05 12:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-25 10:50 . 2011-12-05 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 10:50 . 2011-12-05 00:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-11 21:35 . 2011-12-05 00:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-11 21:35 . 2011-12-05 14:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-11 21:35 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-11 21:35 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-11 21:35 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-11 21:35 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-12-25 10:50 . 2011-12-05 00:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 10:50 . 2011-12-05 14:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 10:50 . 2011-12-05 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 10:50 . 2011-12-05 00:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-25 13:18 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 13:18 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 13:18 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 13:18 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-05 00:39 . 2011-12-05 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-05 14:25 . 2011-12-05 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-05 00:39 . 2011-12-05 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-05 14:25 . 2011-12-05 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-12-05 14:30 688636 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-04 23:22 688636 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-05 14:30 128836 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-04 23:22 128836 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2011-12-05 12:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-12-04 23:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-12-05 14:25 403988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-05 00:38 403988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-05 12:52 . 2011-12-05 12:52 404756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1004-8192.dat
- 2011-05-08 18:15 . 2011-12-05 00:38 12542260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1005-8192.dat
+ 2011-05-08 18:15 . 2011-12-05 12:52 12542260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
"BuzzUpdt.exe"="c:\program files (x86)\Buzzcustom\BuzzUpdt.exe" [2011-07-11 419328]
"FreeFrogUpdt.exe"="c:\program files (x86)\FreeFrog\FreeFrogUpdt.exe" [2011-08-30 419328]
"PageUpdt.exe"="c:\program files (x86)\Pagemood\PageUpdt.exe" [2011-07-11 419328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-24 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005Core.job
- c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005UA.job
- c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
.
2011-11-15 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-07-05 18:14]
.
2011-06-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2011-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-07-29 6470760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
FF - Ext: Iminent WebBooster: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Window Shopper - Powered by Superfish: [email protected] - c:\programdatamozilla\Extensions\[email protected]
FF - Ext: MSN Toolbar: [email protected] - c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-IncrediMail_MediaBar_2 Toolbar - c:\program files (x86)\IncrediMail_MediaBar_2\uninstall.exe
AddRemove-SocialRibbons LP5 - c:\program files (x86)\SocialRibbons LP5\Uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3933724382-1039634698-3548269274-1006\Software\SecuROM\License information*]
"datasecu"=hex:67,52,22,31,e3,64,40,9c,3d,1b,29,58,57,97,7d,b0,59,90,74,34,91,
b3,5f,c3,6d,60,c3,23,a6,59,f5,26,b8,33,83,fe,5d,af,f2,78,f3,3f,0f,36,a7,a4,\
"rkeysecu"=hex:b2,30,b7,0a,8b,0d,24,f7,68,c9,3a,1b,0c,e8,fb,bc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2011-12-05 09:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-05 14:51
ComboFix2.txt 2011-12-05 01:12
.
Pre-Run: 311,825,178,624 bytes free
Post-Run: 311,843,250,176 bytes free
.
- - End Of File - - A9D9939C1EE92444FF2A66A3A171DEFA


C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.AdvPCTweak application
C:\Program Files (x86)\PlayPickle Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\81B8\7A9.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\A738\C6F.exe.vir a variant of Win32/Kryptik.WDN trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\E038\92B.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\ProgramData\vMttfGqwJXmmgo.exe.vir a variant of Win32/Kryptik.WKH trojan
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\iexplore.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\66902\lvvm.exe.vir a variant of Win32/Kryptik.WPP trojan
C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\88366\C55A7.exe.vir a variant of Win32/Kryptik.WPP trojan
C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp.vir a variant of Win32/Kryptik.VGH trojan
C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe.vir a variant of Win32/Kryptik.WPP trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\iexplore.exe.vir a variant of Win32/Kryptik.WDN trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\66902\lvvm.exe.vir a variant of Win32/Kryptik.WPP trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\88366\95B0E.exe.vir a variant of Win32/Kryptik.WDN trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\88366\C55A7.exe.vir a variant of Win32/Kryptik.WDN trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\Microsoft\A738\6104.tmp.vir a variant of Win32/Kryptik.VGH trojan
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe.vir a variant of Win32/Kryptik.WPP trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\8327.tmp.vir a variant of Win32/Kryptik.WKS trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\firefox.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\java.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe.vir a variant of Win32/Kryptik.VJK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe.vir a variant of Win32/Kryptik.WKJ trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe.vir a variant of Win32/Kryptik.WIM trojan
C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\J3Tl3.com.vir a variant of Win32/Kryptik.VRX trojan
C:\Users\Will Everyday\AppData\Roaming\66902\lvvm.exe a variant of Win32/Kryptik.WMJ trojan
C:\Users\Will Everyday\AppData\Roaming\88366\44AC1.exe a variant of Win32/Kryptik.VZB trojan
C:\Users\Will Everyday\AppData\Roaming\88366\611A1.exe a variant of Win32/Kryptik.VZB trojan
C:\Users\Will Everyday\AppData\Roaming\88366\95B0E.exe a variant of Win32/Kryptik.WMJ trojan
C:\Users\Will Everyday\AppData\Roaming\88366\9B061.exe a variant of Win32/Kryptik.VZB trojan
C:\Users\Will Everyday\AppData\Roaming\88366\AD611.exe a variant of Win32/Kryptik.VZB trojan
C:\Users\Will Everyday\AppData\Roaming\88366\B6F93.exe a variant of Win32/Kryptik.VZB trojan
C:\Users\Will Everyday\AppData\Roaming\88366\C55A7.exe a variant of Win32/Kryptik.WMJ trojan
C:\Users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe Win32/Cycbot.AK trojan
C:\Users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp a variant of Win32/Kryptik.VGH trojan
C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.AdvPCTweak application
C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
C:\Users\Will Everyday\Downloads\installer-for-directx.exe probably a variant of MSIL/Agent.NGQ trojan
C:\Users\Will Everyday\Downloads\registryboosterplc.exe Win32/RegistryBooster application
C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe a variant of Win32/Adware.OpenInstall application
C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe a variant of Win32/SoftonicDownloader.A application
C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
I've not seen a system this infected for quite some time. OK, continue:

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------
    :Files
    ipconfig /flushdns /c
    c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8
    c:\users\Will Everyday\AppData\Roaming\66902
    c:\users\Will Everyday\AppData\Roaming\Microsoft\E038
    c:\users\Will Everyday\AppData\Roaming\88366
    c:\program files (x86)\Yontoo Layers Runtime
    c:\program files (x86)\PlayPickle Toolbar
    c:\program files (x86)\AWS
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\users\Admin\AppData\Roaming\Microsoft\A738
    c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8
    c:\users\Will Everyday\AppData\Roaming\Microsoft\4198
    c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8
    c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738
    c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8
    c:\users\will\AppData\Roaming\Microsoft\A738
    c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
    c:\windows\system32\J3Tl3.com
    c:\windows\SysWow64\J3Tl3.com
    C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe
    C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe
    C:\Users\Will Everyday\Downloads\installer-for-directx.exe
    C:\Users\Will Everyday\Downloads\registryboosterplc.exe
    C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe
    C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"=-
    :Services
    Lbd
    :Commands
    [EmptyTemp]
    [Reboot]
    [ResetHosts]
    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Let me see those logs, give update on current issues/concerns..

Kevin
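A post-cleanup check for the OTM step above, added here as example code; it is not part of the original thread and not a feature of OTM or of the tools Kevin names. It re-tests the items the OTM script targets (the :Files paths, the "Weather" Run value and the Lbd service) and reports anything still present without deleting anything. It assumes the same drive letter and profile names the script uses; the hex-named-folder heuristic at the end is an assumption drawn from the folder names in the scan results, not something the thread states.

```powershell
# Added verification check (example code, not from the thread and not an OTM feature).
# Re-tests the artifacts named in the OTM script and reports anything still present.
# Nothing is deleted. Paths, the Run value name and the service name come from the
# script in the post; the hex-folder heuristic in step 4 is an assumption.
# Run from an elevated PowerShell prompt.

$paths = @(
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\81B8',
    'C:\Users\Will Everyday\AppData\Roaming\66902',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\E038',
    'C:\Users\Will Everyday\AppData\Roaming\88366',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\11B8',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\4198',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\61D8',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\93A8',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\A1C8',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\A738',
    'C:\Users\Will Everyday\AppData\Roaming\Microsoft\C1F8',
    'C:\Users\Admin\AppData\Roaming\Microsoft\A738',
    'C:\Users\will\AppData\Roaming\Microsoft\A738',
    'C:\Program Files (x86)\Yontoo Layers Runtime',
    'C:\Program Files (x86)\PlayPickle Toolbar',
    'C:\Program Files (x86)\AWS',
    'C:\Windows\System32\DRIVERS\Lbd.sys',
    'C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll',
    'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll',
    'C:\Windows\System32\J3Tl3.com',
    'C:\Windows\SysWOW64\J3Tl3.com'
)

$findings = New-Object System.Collections.Generic.List[object]

# 1. Files and folders the ":Files" section should have moved.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $item = Get-Item -LiteralPath $p -Force
        $findings.Add([pscustomobject]@{
            Type = 'Path'; Name = $p; Detail = "still present, last written $($item.LastWriteTime)"
        })
    }
}

# 2. The per-user Run value deleted by the ":Reg" section. HKCU is the account running
#    this script, so run it as the user whose profile carried the value.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($null -ne $run -and $null -ne $run.PSObject.Properties['Weather']) {
    $findings.Add([pscustomobject]@{ Type = 'Registry'; Name = "$runKey\Weather"; Detail = $run.Weather })
}

# 3. The service removed by the ":Services" section. The SCM view and the registry key are
#    checked separately: a deleted service's key can linger until the next reboot.
$svc = Get-Service -Name 'Lbd' -ErrorAction SilentlyContinue
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Lbd'
if ($null -ne $svc) {
    $findings.Add([pscustomobject]@{ Type = 'Service'; Name = 'Lbd'; Detail = "registered, status $($svc.Status)" })
}
if (Test-Path -LiteralPath $svcKey) {
    $findings.Add([pscustomobject]@{ Type = 'Registry'; Name = $svcKey; Detail = 'service key still exists' })
}

# 4. Heuristic (assumption, not from the thread): the dropper directories in the scan results
#    are 4- or 5-character hex names directly under AppData\Roaming or AppData\Roaming\Microsoft.
#    The same pattern in any profile on the machine is a lead to inspect, not a verdict.
foreach ($userDir in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    foreach ($parent in @('AppData\Roaming', 'AppData\Roaming\Microsoft')) {
        $dir = Join-Path $userDir.FullName $parent
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $dir -Directory -Force -ErrorAction SilentlyContinue) {
            if ($sub.Name -match '^[0-9A-F]{4,5}$') {
                $findings.Add([pscustomobject]@{
                    Type = 'Suspect folder'; Name = $sub.FullName; Detail = 'hex-named folder, same pattern as the dropper directories'
                })
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed artifacts remain.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once after the OTM reboot and again after the TDSSKiller step: a path that OTM reported as "not found" but that reappears between the two runs points to a persistence mechanism the script did not cover (a driver, a scheduled task or another user's Run key), which is exactly what the later TDSSKiller pass is meant to surface.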
 

rabbit12

Thread Starter
Joined
May 22, 2004
Messages
54
Kevin:

I feared it was a big mess. That is what happens when you have a 12 year old who loves to play Minecraft, go on Steam and visit programming chat sites! Despite all the warnings and explanations of what not to do, he still seems to get into trouble. We so appreciate all your help!

Here are the latest logs:
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\66902 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\E038 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\88366 folder moved successfully.
c:\program files (x86)\Yontoo Layers Runtime folder moved successfully.
c:\program files (x86)\PlayPickle Toolbar\Resources\skin folder moved successfully.
c:\program files (x86)\PlayPickle Toolbar\Resources\images folder moved successfully.
c:\program files (x86)\PlayPickle Toolbar\Resources folder moved successfully.
c:\program files (x86)\PlayPickle Toolbar folder moved successfully.
c:\program files (x86)\AWS\WeatherBug\Local folder moved successfully.
c:\program files (x86)\AWS\WeatherBug folder moved successfully.
c:\program files (x86)\AWS folder moved successfully.
File/Folder c:\windows\system32\DRIVERS\Lbd.sys not found.
c:\users\Admin\AppData\Roaming\Microsoft\A738 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\4198 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\A738 folder moved successfully.
c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8 folder moved successfully.
c:\users\will\AppData\Roaming\Microsoft\A738 folder moved successfully.
DllUnregisterServer procedure not found in c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll moved successfully.
File/Folder c:\windows\system32\J3Tl3.com not found.
File/Folder c:\windows\SysWow64\J3Tl3.com not found.
C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe moved successfully.
C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe moved successfully.
C:\Users\Will Everyday\Downloads\installer-for-directx.exe moved successfully.
C:\Users\Will Everyday\Downloads\registryboosterplc.exe moved successfully.
C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe moved successfully.
C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe moved successfully.
File/Folder C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
========== SERVICES/DRIVERS ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 367536 bytes
->Temporary Internet Files folder emptied: 30509108 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5498707 bytes
->Flash cache emptied: 43965 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 871 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: swl3001

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: will
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47724545 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43243020 bytes
->Flash cache emptied: 51915 bytes

User: Will Everyday
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 221282644 bytes
->Google Chrome cache emptied: 141522478 bytes
->Flash cache emptied: 188812 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6544896 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 12052011_151121

Files moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



15:17:21.0908 5328 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:17:22.0018 5328 ============================================================
15:17:22.0018 5328 Current date / time: 2011/12/05 15:17:22.0018
15:17:22.0018 5328 SystemInfo:
15:17:22.0018 5328
15:17:22.0018 5328 OS Version: 6.1.7601 ServicePack: 1.0
15:17:22.0018 5328 Product type: Workstation
15:17:22.0018 5328 ComputerName: SWL3001-PC
15:17:22.0018 5328 UserName: Admin
15:17:22.0018 5328 Windows directory: C:\Windows
15:17:22.0018 5328 System windows directory: C:\Windows
15:17:22.0018 5328 Running under WOW64
15:17:22.0018 5328 Processor architecture: Intel x64
15:17:22.0018 5328 Number of processors: 4
15:17:22.0018 5328 Page size: 0x1000
15:17:22.0018 5328 Boot type: Normal boot
15:17:22.0018 5328 ============================================================
15:17:22.0439 5328 Initialize success
15:18:10.0284 5532 ============================================================
15:18:10.0284 5532 Scan started
15:18:10.0284 5532 Mode: Manual; SigCheck; TDLFS;
15:18:10.0284 5532 ============================================================
15:18:10.0846 5532 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:18:10.0971 5532 1394ohci - ok
15:18:11.0064 5532 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
15:18:11.0095 5532 Acceler - ok
15:18:11.0158 5532 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:18:11.0189 5532 ACPI - ok
15:18:11.0236 5532 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:18:11.0329 5532 AcpiPmi - ok
15:18:11.0423 5532 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:18:11.0439 5532 adp94xx - ok
15:18:11.0454 5532 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:18:11.0470 5532 adpahci - ok
15:18:11.0501 5532 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:18:11.0501 5532 adpu320 - ok
15:18:11.0595 5532 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:18:11.0657 5532 AFD - ok
15:18:11.0688 5532 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:18:11.0704 5532 agp440 - ok
15:18:11.0735 5532 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:18:11.0735 5532 aliide - ok
15:18:11.0751 5532 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:18:11.0766 5532 amdide - ok
15:18:11.0813 5532 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:18:11.0860 5532 AmdK8 - ok
15:18:11.0891 5532 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:18:11.0938 5532 AmdPPM - ok
15:18:11.0985 5532 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:18:12.0016 5532 amdsata - ok
15:18:12.0031 5532 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:18:12.0063 5532 amdsbs - ok
15:18:12.0094 5532 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:18:12.0109 5532 amdxata - ok
15:18:12.0156 5532 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:18:12.0359 5532 AppID - ok
15:18:12.0453 5532 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:18:12.0468 5532 arc - ok
15:18:12.0499 5532 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:18:12.0531 5532 arcsas - ok
15:18:12.0609 5532 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:18:12.0796 5532 AsyncMac - ok
15:18:12.0843 5532 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:18:12.0858 5532 atapi - ok
15:18:12.0921 5532 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:18:12.0983 5532 b06bdrv - ok
15:18:13.0045 5532 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:18:13.0123 5532 b57nd60a - ok
15:18:13.0170 5532 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:18:13.0264 5532 Beep - ok
15:18:13.0326 5532 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:18:13.0357 5532 blbdrive - ok
15:18:13.0451 5532 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:18:13.0498 5532 bowser - ok
15:18:13.0545 5532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:18:13.0576 5532 BrFiltLo - ok
15:18:13.0607 5532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:18:13.0638 5532 BrFiltUp - ok
15:18:13.0669 5532 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:18:13.0763 5532 Bridge - ok
15:18:13.0794 5532 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:18:13.0872 5532 BridgeMP - ok
15:18:13.0903 5532 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:18:13.0981 5532 Brserid - ok
15:18:13.0997 5532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:18:14.0044 5532 BrSerWdm - ok
15:18:14.0075 5532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:18:14.0122 5532 BrUsbMdm - ok
15:18:14.0137 5532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:18:14.0184 5532 BrUsbSer - ok
15:18:14.0215 5532 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:18:14.0247 5532 BTHMODEM - ok
15:18:14.0371 5532 catchme - ok
15:18:14.0403 5532 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:18:14.0481 5532 cdfs - ok
15:18:14.0527 5532 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:18:14.0574 5532 cdrom - ok
15:18:14.0621 5532 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:18:14.0652 5532 circlass - ok
15:18:14.0683 5532 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:18:14.0715 5532 CLFS - ok
15:18:14.0761 5532 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:18:14.0793 5532 CmBatt - ok
15:18:14.0824 5532 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:18:14.0839 5532 cmdide - ok
15:18:14.0886 5532 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:18:14.0917 5532 CNG - ok
15:18:14.0949 5532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:18:14.0949 5532 Compbatt - ok
15:18:14.0995 5532 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:18:15.0042 5532 CompositeBus - ok
15:18:15.0089 5532 connctfy (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
15:18:15.0105 5532 connctfy - ok
15:18:15.0120 5532 connctfyMP (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
15:18:15.0136 5532 connctfyMP - ok
15:18:15.0167 5532 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:18:15.0183 5532 crcdisk - ok
15:18:15.0229 5532 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:18:15.0292 5532 CtClsFlt - ok
15:18:15.0339 5532 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:18:15.0417 5532 DfsC - ok
15:18:15.0432 5532 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:18:15.0510 5532 discache - ok
15:18:15.0557 5532 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:18:15.0573 5532 Disk - ok
15:18:15.0651 5532 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:18:15.0697 5532 drmkaud - ok
15:18:15.0744 5532 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:18:15.0791 5532 DXGKrnl - ok
15:18:15.0807 5532 EagleX64 - ok
15:18:15.0900 5532 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:18:16.0025 5532 ebdrv - ok
15:18:16.0072 5532 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:18:16.0103 5532 elxstor - ok
15:18:16.0150 5532 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:18:16.0197 5532 ErrDev - ok
15:18:16.0243 5532 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:18:16.0321 5532 exfat - ok
15:18:16.0337 5532 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:18:16.0384 5532 fastfat - ok
15:18:16.0399 5532 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:18:16.0446 5532 fdc - ok
15:18:16.0493 5532 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:18:16.0509 5532 FileInfo - ok
15:18:16.0540 5532 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:18:16.0618 5532 Filetrace - ok
15:18:16.0633 5532 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:18:16.0633 5532 flpydisk - ok
15:18:16.0680 5532 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:18:16.0696 5532 FltMgr - ok
15:18:16.0711 5532 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:18:16.0727 5532 FsDepends - ok
15:18:16.0758 5532 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:18:16.0774 5532 Fs_Rec - ok
15:18:16.0821 5532 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:18:16.0852 5532 fvevol - ok
15:18:16.0883 5532 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:18:16.0914 5532 gagp30kx - ok
15:18:16.0961 5532 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:18:16.0977 5532 GEARAspiWDM - ok
15:18:17.0023 5532 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:18:17.0039 5532 hamachi - ok
15:18:17.0055 5532 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:18:17.0101 5532 hcw85cir - ok
15:18:17.0148 5532 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:18:17.0179 5532 HDAudBus - ok
15:18:17.0226 5532 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:18:17.0242 5532 HECIx64 - ok
15:18:17.0257 5532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:18:17.0289 5532 HidBatt - ok
15:18:17.0304 5532 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:18:17.0367 5532 HidBth - ok
15:18:17.0367 5532 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:18:17.0413 5532 HidIr - ok
15:18:17.0429 5532 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:18:17.0476 5532 HidUsb - ok
15:18:17.0523 5532 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:18:17.0538 5532 HpSAMD - ok
15:18:17.0585 5532 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:18:17.0694 5532 HTTP - ok
15:18:17.0725 5532 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:18:17.0741 5532 hwpolicy - ok
15:18:17.0772 5532 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:18:17.0803 5532 i8042prt - ok
15:18:17.0850 5532 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:18:17.0881 5532 iaStor - ok
15:18:17.0897 5532 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:18:17.0928 5532 iaStorV - ok
15:18:18.0193 5532 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:18:18.0521 5532 igfx - ok
15:18:18.0568 5532 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:18:18.0583 5532 iirsp - ok
15:18:18.0615 5532 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:18:18.0677 5532 Impcd - ok
15:18:18.0739 5532 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
15:18:18.0802 5532 IntcAzAudAddService - ok
15:18:18.0833 5532 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:18:18.0864 5532 IntcDAud - ok
15:18:18.0880 5532 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:18:18.0895 5532 intelide - ok
15:18:18.0942 5532 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:18:18.0989 5532 intelppm - ok
15:18:19.0036 5532 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:19.0114 5532 IpFilterDriver - ok
15:18:19.0145 5532 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:18:19.0161 5532 IPMIDRV - ok
15:18:19.0176 5532 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:18:19.0270 5532 IPNAT - ok
15:18:19.0332 5532 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:18:19.0426 5532 IRENUM - ok
15:18:19.0473 5532 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:18:19.0488 5532 isapnp - ok
15:18:19.0504 5532 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:18:19.0535 5532 iScsiPrt - ok
15:18:19.0582 5532 JMCR (baec3cb3627ce439a8ff2ddcee39da54) C:\Windows\system32\DRIVERS\jmcr.sys
15:18:19.0597 5532 JMCR - ok
15:18:19.0613 5532 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:18:19.0629 5532 kbdclass - ok
15:18:19.0660 5532 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:18:19.0691 5532 kbdhid - ok
15:18:19.0722 5532 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:18:19.0738 5532 KSecDD - ok
15:18:19.0769 5532 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:18:19.0785 5532 KSecPkg - ok
15:18:19.0816 5532 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:18:19.0909 5532 ksthunk - ok
15:18:19.0956 5532 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:18:20.0034 5532 lltdio - ok
15:18:20.0097 5532 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:18:20.0112 5532 LSI_FC - ok
15:18:20.0128 5532 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:18:20.0143 5532 LSI_SAS - ok
15:18:20.0159 5532 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:18:20.0175 5532 LSI_SAS2 - ok
15:18:20.0190 5532 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:18:20.0206 5532 LSI_SCSI - ok
15:18:20.0221 5532 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:18:20.0284 5532 luafv - ok
15:18:20.0299 5532 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:18:20.0299 5532 megasas - ok
15:18:20.0331 5532 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:18:20.0346 5532 MegaSR - ok
15:18:20.0362 5532 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:18:20.0424 5532 Modem - ok
15:18:20.0440 5532 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:18:20.0487 5532 monitor - ok
15:18:20.0518 5532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:18:20.0533 5532 mouclass - ok
15:18:20.0580 5532 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:18:20.0611 5532 mouhid - ok
15:18:20.0658 5532 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:18:20.0674 5532 mountmgr - ok
15:18:20.0721 5532 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:18:20.0736 5532 mpio - ok
15:18:20.0752 5532 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:18:20.0845 5532 mpsdrv - ok
15:18:20.0861 5532 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:18:20.0892 5532 MRxDAV - ok
15:18:20.0939 5532 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:21.0001 5532 mrxsmb - ok
15:18:21.0033 5532 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:21.0079 5532 mrxsmb10 - ok
15:18:21.0111 5532 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:21.0126 5532 mrxsmb20 - ok
15:18:21.0142 5532 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:18:21.0173 5532 msahci - ok
15:18:21.0204 5532 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:18:21.0235 5532 msdsm - ok
15:18:21.0251 5532 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:18:21.0329 5532 Msfs - ok
15:18:21.0376 5532 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:18:21.0407 5532 mshidkmdf - ok
15:18:21.0407 5532 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:18:21.0423 5532 msisadrv - ok
15:18:21.0469 5532 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:18:21.0532 5532 MSKSSRV - ok
15:18:21.0579 5532 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:21.0657 5532 MSPCLOCK - ok
15:18:21.0657 5532 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:18:21.0719 5532 MSPQM - ok
15:18:21.0750 5532 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:18:21.0766 5532 MsRPC - ok
15:18:21.0797 5532 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:18:21.0797 5532 mssmbios - ok
15:18:21.0813 5532 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:18:21.0891 5532 MSTEE - ok
15:18:21.0922 5532 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:18:21.0953 5532 MTConfig - ok
15:18:21.0984 5532 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:18:22.0000 5532 Mup - ok
15:18:22.0062 5532 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:18:22.0109 5532 NativeWifiP - ok
15:18:22.0187 5532 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:18:22.0234 5532 NDIS - ok
15:18:22.0265 5532 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:18:22.0359 5532 NdisCap - ok
15:18:22.0390 5532 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:22.0452 5532 NdisTapi - ok
15:18:22.0468 5532 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:22.0530 5532 Ndisuio - ok
15:18:22.0561 5532 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:22.0624 5532 NdisWan - ok
15:18:22.0671 5532 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:18:22.0733 5532 NDProxy - ok
15:18:22.0764 5532 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:18:22.0795 5532 NetBIOS - ok
15:18:22.0842 5532 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:18:22.0920 5532 NetBT - ok
15:18:23.0139 5532 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:18:23.0451 5532 NETwNs64 - ok
15:18:23.0482 5532 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:18:23.0513 5532 nfrd960 - ok
15:18:23.0544 5532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:18:23.0622 5532 Npfs - ok
15:18:23.0653 5532 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:18:23.0716 5532 nsiproxy - ok
15:18:23.0794 5532 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:18:23.0872 5532 Ntfs - ok
15:18:23.0887 5532 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:18:23.0919 5532 Null - ok
15:18:24.0184 5532 nvlddmkm (011f0596d167d073e6813ae88e7947a9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:18:24.0371 5532 nvlddmkm - ok
15:18:24.0387 5532 nvpciflt (2bcc53e4ba1acc9b63595c4ae7361ad3) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:18:24.0387 5532 nvpciflt - ok
15:18:24.0433 5532 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:18:24.0449 5532 nvraid - ok
15:18:24.0496 5532 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:18:24.0511 5532 nvstor - ok
15:18:24.0558 5532 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:18:24.0589 5532 nv_agp - ok
15:18:24.0621 5532 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:18:24.0667 5532 ohci1394 - ok
15:18:24.0745 5532 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:18:24.0777 5532 Parport - ok
15:18:24.0808 5532 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:18:24.0823 5532 partmgr - ok
15:18:24.0855 5532 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:18:24.0870 5532 pci - ok
15:18:24.0886 5532 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:18:24.0901 5532 pciide - ok
15:18:24.0933 5532 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:18:24.0948 5532 pcmcia - ok
15:18:24.0964 5532 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:18:24.0979 5532 pcw - ok
15:18:25.0011 5532 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:18:25.0120 5532 PEAUTH - ok
15:18:25.0198 5532 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:18:25.0276 5532 PptpMiniport - ok
15:18:25.0291 5532 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:18:25.0307 5532 Processor - ok
15:18:25.0354 5532 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:18:25.0432 5532 Psched - ok
15:18:25.0463 5532 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:18:25.0463 5532 PxHlpa64 - ok
15:18:25.0494 5532 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
15:18:25.0510 5532 qicflt - ok
15:18:25.0541 5532 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:18:25.0588 5532 ql2300 - ok
15:18:25.0603 5532 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:18:25.0619 5532 ql40xx - ok
15:18:25.0635 5532 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:18:25.0666 5532 QWAVEdrv - ok
15:18:25.0681 5532 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:18:25.0713 5532 RasAcd - ok
15:18:25.0759 5532 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:18:25.0791 5532 RasAgileVpn - ok
15:18:25.0822 5532 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:25.0884 5532 Rasl2tp - ok
15:18:25.0915 5532 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:25.0962 5532 RasPppoe - ok
15:18:26.0009 5532 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:18:26.0071 5532 RasSstp - ok
15:18:26.0118 5532 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:18:26.0181 5532 rdbss - ok
15:18:26.0212 5532 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:18:26.0243 5532 rdpbus - ok
15:18:26.0259 5532 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:26.0337 5532 RDPCDD - ok
15:18:26.0368 5532 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:18:26.0415 5532 RDPENCDD - ok
15:18:26.0446 5532 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:18:26.0508 5532 RDPREFMP - ok
15:18:26.0555 5532 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:18:26.0617 5532 RDPWD - ok
15:18:26.0664 5532 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:18:26.0680 5532 rdyboost - ok
15:18:26.0727 5532 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
15:18:26.0789 5532 RMCAST - ok
15:18:26.0836 5532 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:18:26.0867 5532 rspndr - ok
15:18:26.0883 5532 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:18:26.0898 5532 RTL8167 - ok
15:18:26.0929 5532 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:18:26.0945 5532 sbp2port - ok
15:18:26.0976 5532 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:18:27.0054 5532 scfilter - ok
15:18:27.0101 5532 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:18:27.0132 5532 sdbus - ok
15:18:27.0148 5532 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:18:27.0241 5532 secdrv - ok
15:18:27.0257 5532 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:18:27.0273 5532 Serenum - ok
15:18:27.0288 5532 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:18:27.0319 5532 Serial - ok
15:18:27.0351 5532 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:18:27.0366 5532 sermouse - ok
15:18:27.0397 5532 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:18:27.0429 5532 sffdisk - ok
15:18:27.0444 5532 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:18:27.0475 5532 sffp_mmc - ok
15:18:27.0491 5532 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:18:27.0522 5532 sffp_sd - ok
15:18:27.0538 5532 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:18:27.0569 5532 sfloppy - ok
15:18:27.0600 5532 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:18:27.0616 5532 SiSRaid2 - ok
15:18:27.0631 5532 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:18:27.0647 5532 SiSRaid4 - ok
15:18:27.0663 5532 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:18:27.0725 5532 Smb - ok
15:18:27.0756 5532 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:18:27.0756 5532 spldr - ok
15:18:27.0819 5532 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:18:27.0834 5532 srv - ok
15:18:27.0865 5532 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:18:27.0897 5532 srv2 - ok
15:18:27.0928 5532 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:18:27.0959 5532 srvnet - ok
15:18:28.0006 5532 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
15:18:28.0021 5532 stdcfltn - ok
15:18:28.0068 5532 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:18:28.0084 5532 stexstor - ok
15:18:28.0115 5532 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:18:28.0131 5532 swenum - ok
15:18:28.0209 5532 SynTP (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
15:18:28.0255 5532 SynTP - ok
15:18:28.0333 5532 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:18:28.0443 5532 Tcpip - ok
15:18:28.0474 5532 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:18:28.0505 5532 TCPIP6 - ok
15:18:28.0552 5532 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:18:28.0630 5532 tcpipreg - ok
15:18:28.0661 5532 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:18:28.0739 5532 TDPIPE - ok
15:18:28.0755 5532 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:18:28.0817 5532 TDTCP - ok
15:18:28.0848 5532 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:18:28.0926 5532 tdx - ok
15:18:28.0942 5532 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:18:28.0942 5532 TermDD - ok
15:18:28.0989 5532 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:29.0067 5532 tssecsrv - ok
15:18:29.0113 5532 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:18:29.0145 5532 TsUsbFlt - ok
15:18:29.0191 5532 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:18:29.0269 5532 tunnel - ok
15:18:29.0332 5532 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
15:18:29.0347 5532 TurboB - ok
15:18:29.0363 5532 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:18:29.0394 5532 uagp35 - ok
15:18:29.0425 5532 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:18:29.0503 5532 udfs - ok
15:18:29.0550 5532 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:18:29.0566 5532 uliagpkx - ok
15:18:29.0581 5532 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:18:29.0628 5532 umbus - ok
15:18:29.0644 5532 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:18:29.0675 5532 UmPass - ok
15:18:29.0737 5532 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:18:29.0784 5532 USBAAPL64 - ok
15:18:29.0800 5532 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:29.0831 5532 usbccgp - ok
15:18:29.0878 5532 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:18:29.0909 5532 usbcir - ok
15:18:29.0940 5532 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:18:29.0971 5532 usbehci - ok
15:18:29.0987 5532 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:18:30.0018 5532 usbhub - ok
15:18:30.0049 5532 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:18:30.0065 5532 usbohci - ok
15:18:30.0081 5532 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:18:30.0112 5532 usbprint - ok
15:18:30.0127 5532 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:30.0174 5532 USBSTOR - ok
15:18:30.0190 5532 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:18:30.0237 5532 usbuhci - ok
15:18:30.0283 5532 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:18:30.0315 5532 usbvideo - ok
15:18:30.0330 5532 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:18:30.0346 5532 vdrvroot - ok
15:18:30.0361 5532 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:30.0393 5532 vga - ok
15:18:30.0408 5532 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:18:30.0486 5532 VgaSave - ok
15:18:30.0517 5532 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:18:30.0533 5532 vhdmp - ok
15:18:30.0549 5532 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:18:30.0564 5532 viaide - ok
15:18:30.0580 5532 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:18:30.0595 5532 volmgr - ok
15:18:30.0642 5532 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:18:30.0673 5532 volmgrx - ok
15:18:30.0689 5532 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:18:30.0705 5532 volsnap - ok
15:18:30.0767 5532 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:18:30.0783 5532 vsmraid - ok
15:18:30.0798 5532 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:18:30.0845 5532 vwifibus - ok
15:18:30.0876 5532 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:18:30.0923 5532 vwififlt - ok
15:18:30.0970 5532 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:18:31.0001 5532 vwifimp - ok
15:18:31.0017 5532 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:18:31.0063 5532 WacomPen - ok
15:18:31.0095 5532 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:31.0173 5532 WANARP - ok
15:18:31.0173 5532 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:31.0219 5532 Wanarpv6 - ok
15:18:31.0235 5532 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:18:31.0235 5532 Wd - ok
15:18:31.0266 5532 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:18:31.0297 5532 Wdf01000 - ok
15:18:31.0344 5532 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:18:31.0391 5532 WfpLwf - ok
15:18:31.0407 5532 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:18:31.0438 5532 WimFltr - ok
15:18:31.0453 5532 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:18:31.0469 5532 WIMMount - ok
15:18:31.0531 5532 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:18:31.0578 5532 WmiAcpi - ok
15:18:31.0625 5532 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:18:31.0719 5532 ws2ifsl - ok
15:18:31.0765 5532 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:18:31.0828 5532 WudfPf - ok
15:18:31.0859 5532 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:31.0937 5532 WUDFRd - ok
15:18:31.0984 5532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:18:32.0015 5532 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:18:32.0015 5532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:18:32.0093 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:18:32.0093 5532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:18:32.0124 5532 Boot (0x1200) (5d2309bc4f6a1c1491111ee13314adc4) \Device\Harddisk0\DR0\Partition0
15:18:32.0124 5532 \Device\Harddisk0\DR0\Partition0 - ok
15:18:32.0140 5532 Boot (0x1200) (a4e9b68a63f025b529cf5dadce5e18db) \Device\Harddisk0\DR0\Partition1
15:18:32.0140 5532 \Device\Harddisk0\DR0\Partition1 - ok
15:18:32.0140 5532 ============================================================
15:18:32.0140 5532 Scan finished
15:18:32.0140 5532 ============================================================
15:18:32.0155 6628 Detected object count: 2
15:18:32.0155 6628 Actual detected object count: 2
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:19:41.0404 6628 \Device\Harddisk0\DR0 - ok
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:20:26.0878 6220 Deinitialize success
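The TDSSKiller log above reports two detections on the same disk object (the MBR bootkit, which was cured, and the "TDSS File System", which was skipped) and hashes each boot sector it checked. The following is an added example, not part of the thread and not Kaspersky's tool: a parser that pulls the sector hashes out of such a log, pairs every detection with the action the user chose, and lists what is still unresolved. The sample input is copied verbatim from the log lines above; the `0x1B8` and `0x1200` values are taken to be the number of bytes hashed (an assumption about the log format, not stated in the thread).

```python
import re

# Lines copied verbatim from the TDSSKiller log above (scan-result and
# user-action sections); a full log is parsed the same way.
TDSSKILLER_LOG = r"""
15:18:31.0984 5532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:18:32.0015 5532 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:18:32.0015 5532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:18:32.0093 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:18:32.0093 5532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:18:32.0124 5532 Boot (0x1200) (5d2309bc4f6a1c1491111ee13314adc4) \Device\Harddisk0\DR0\Partition0
15:18:32.0124 5532 \Device\Harddisk0\DR0\Partition0 - ok
15:18:32.0140 5532 Boot (0x1200) (a4e9b68a63f025b529cf5dadce5e18db) \Device\Harddisk0\DR0\Partition1
15:18:32.0140 5532 \Device\Harddisk0\DR0\Partition1 - ok
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:19:41.0404 6628 \Device\Harddisk0\DR0 - ok
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <pid> MBR|Boot (<bytes hashed>) (<md5>) <object>"   (size = bytes hashed: assumption)
SECTOR_RE = re.compile(
    r"^\S+ \d+ (?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
# "<time> <pid> <object> ( <detection name> ) - <status>"
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<obj>\S+) \( (?P<name>.+?) \) - (?P<status>.+)$")


def parse_tdsskiller(text):
    """Return (sectors, findings).

    sectors:  object -> (kind, bytes hashed, md5) for each MBR / boot-sector hash line
    findings: (object, detection name) -> {"severity", "action", "scheduled"}
    """
    sectors, findings = {}, {}
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            sectors[m["obj"]] = (m["kind"], int(m["size"], 16), m["md5"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                      # "- detected ..." / "- ok" lines carry no new state
        f = findings.setdefault((m["obj"], m["name"]),
                                {"severity": None, "action": None, "scheduled": False})
        status = m["status"]
        if status.startswith("User select action: "):
            f["action"] = status.split(": ", 1)[1]
        elif status == "will be cured on reboot":
            f["scheduled"] = True
        elif status in ("infected", "warning", "suspicious"):
            f["severity"] = status
    return sectors, findings


def unresolved(findings):
    """Detections neither cured nor scheduled for cure: the reviewer's follow-up list."""
    return sorted(f"{name} on {obj}" for (obj, name), f in findings.items()
                  if f["action"] != "Cure" and not f["scheduled"])


def report(text):
    sectors, findings = parse_tdsskiller(text)
    lines = [f"{kind:<4} {obj}: first {size} bytes md5={md5}"
             for obj, (kind, size, md5) in sectors.items()]
    for (obj, name), f in findings.items():
        lines.append(f"{str(f['severity']):<8} {name} on {obj}: "
                     f"action={f['action']} scheduled={f['scheduled']}")
    lines += [f"FOLLOW UP: {item}" for item in unresolved(findings)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(TDSSKILLER_LOG)))
```

Run against the log above, the follow-up list contains exactly the "TDSS File System" entry; that is the hidden storage area the bootkit used, and it is why the next step in the thread is a second MBR scanner rather than declaring the machine clean.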
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
OK, run this please,

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
  • Once the scan finishes click Save log to save the log to your Desktop.
  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Also give update on current issues...

Kevin
 

rabbit12

Thread Starter
Joined
May 22, 2004
Messages
54
Have not noticed any other issues yet but have not spent a lot of time experimenting yet. Latest logs:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-05 16:34:46
-----------------------------
16:34:46.683 OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:46.683 Number of processors: 4 586 0x2505
16:34:46.683 ComputerName: SWL3001-PC UserName: Admin
16:34:48.259 Initialize success
16:36:39.114 AVAST engine defs: 11120501
16:36:57.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:36:57.195 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:36:57.195 Disk 0 MBR read successfully
16:36:57.210 Disk 0 MBR scan
16:36:57.210 Disk 0 Windows VISTA default MBR code
16:36:57.210 Service scanning
16:36:58.256 Modules scanning
16:36:58.256 Disk 0 trace - called modules:
16:36:58.256 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
16:36:58.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f14060]
16:36:58.271 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004dcbaf0]
16:36:58.271 5 stdcfltn.sys[fffff88001b2ec52] -> nt!IofCallDriver -> [0xfffffa8004c20d10]
16:36:58.287 7 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c23050]
16:37:00.237 AVAST engine scan C:\Windows
16:37:03.388 AVAST engine scan C:\Windows\system32
16:38:38.080 AVAST engine scan C:\Windows\system32\drivers
16:38:48.111 AVAST engine scan C:\Users\Admin
16:39:40.574 AVAST engine scan C:\ProgramData
16:40:59.104 Scan finished successfully
16:43:24.169 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
16:43:24.185 The log file has been saved successfully to "C:\Users\Admin\Desktop\ASWscan.txt"
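The aswMBR log above reaches its "Windows VISTA default MBR code" verdict by comparing the boot code it read from sector 0 against code it recognises, and it writes the raw sector to MBR.dat for the specialist to check by hand. As an added example (not aswMBR, TDSSKiller or anything posted in the thread), this is what that review looks like in code: hash the boot-code region (the 0x1B8 = 440 bytes before the NT disk signature, which is also how TDSSKiller's "MBR (0x1B8)" line is read here), look the hash up in a known-good list, and sanity-check the partition table for the tricks a bootkit uses to hide storage. The known-good hash, the boot code and the two-partition layout are constructed stand-ins; a real list would hold the hashes of the stock Windows MBRs, which are not reproduced here.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bytes 0..0x1B7: boot code (the region hashed as "MBR (0x1B8)")
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature, then 2 bytes usually zero
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA

# Constructed boot code: a plausible MBR prologue padded with NOPs. Only its hash matters here.
GOOD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
TAMPERED_CODE = bytes([GOOD_CODE[0] ^ 0xFF]) + GOOD_CODE[1:]   # one byte patched
KNOWN_GOOD = {hashlib.md5(GOOD_CODE).hexdigest(): "sample default MBR code (constructed)"}
# Constructed layout: small first partition, boot from the second (as "HarddiskVolume2" suggests).
SAMPLE_PARTITIONS = [(False, 0x07, 2048, 204800), (True, 0x07, 206848, 976_500_000)]


def parse_partition_entry(entry):
    # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count (u32 LE)
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(mbr, known_good):
    """Parse one 512-byte MBR and list everything a reviewer would question."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    parts = [parse_partition_entry(mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)])
             for i in range(4)]
    parts = [p for p in parts if p["type"] != 0]         # type 0 = unused slot

    problems = []
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        problems.append("missing 0x55AA boot signature")
    if boot_md5 not in known_good:
        problems.append(f"boot code md5 {boot_md5} not in known-good list")
    if not any(p["bootable"] for p in parts):
        problems.append("no active partition")
    for p in parts:
        if p["sectors"] == 0:
            problems.append(f"zero-length partition at LBA {p['lba_start']}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])   # overlapping entries hide space
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            problems.append(f"partitions overlap at LBA {cur['lba_start']}")
    return {"boot_md5": boot_md5, "boot_code": known_good.get(boot_md5),
            "disk_signature": disk_sig, "partitions": parts, "problems": problems}


def build_sample_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xFF\xFF\xFF",
                         ptype, b"\xFF\xFF\xFF", lba_start, sectors)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # e.g. python mbrcheck.py MBR.dat
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr(TAMPERED_CODE, SAMPLE_PARTITIONS)
    result = inspect_mbr(data, KNOWN_GOOD)
    print(f"boot code: {result['boot_code'] or 'UNKNOWN'} ({result['boot_md5']})")
    for p in result["partitions"]:
        print(f"  {'*' if p['bootable'] else ' '} type 0x{p['type']:02X} "
              f"lba {p['lba_start']} len {p['sectors']}")
    for problem in result["problems"]:
        print("  !!", problem)
```

A matching hash says the boot code is stock; it says nothing about what a bootkit left elsewhere on the disk, which is why the skipped "TDSS File System" warning in the earlier log still has to be dealt with even after the MBR itself reads as clean.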
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
We've definitely made significant progress, logs look good. Run DDS again, let's see what that shows...

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
        1. DDS.txt
        2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Let me see the two logs in next reply...

Kevin
 

rabbit12

Thread Starter
Joined
May 22, 2004
Messages
54
Sorry for the delay. Had to make dinner...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Admin at 18:02:45 on 2011-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1886 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\Buzzcustom\BuzzUpdt.exe
C:\Program Files (x86)\FreeFrog\FreeFrogUpdt.exe
C:\Program Files (x86)\Pagemood\PageUpdt.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\Admin\Desktop\aswMBR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [BuzzUpdt.exe] C:\Program Files (x86)\Buzzcustom\BuzzUpdt.exe
uRun: [FreeFrogUpdt.exe] C:\Program Files (x86)\FreeFrog\FreeFrogUpdt.exe
uRun: [PageUpdt.exe] C:\Program Files (x86)\Pagemood\PageUpdt.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\059636F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6563647966697D2B496C6C696E67647F6E6 : DhcpNameServer = 192.168.116.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6F627 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\54163747F6E69616E6 : DhcpNameServer = 204.186.110.76 216.144.187.37
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E} : NameServer = 192.168.2.1
TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E} : NameServer = 192.168.2.1
TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C} : NameServer = 68.87.71.230,68.87.73.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
FF - Ext: Iminent WebBooster: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Window Shopper - Powered by Superfish: [email protected] - C:\ProgramDataMozilla\Extensions\[email protected]
FF - Ext: MSN Toolbar: [email protected] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-2 98208]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-9 892992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-2 1620584]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-14 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-2 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-2 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-05 20:11:21 -------- d-----w- C:\_OTM
2011-12-05 15:01:57 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-05 14:56:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-05 12:57:42 -------- d-----w- C:\Gotcha19922G
2011-12-04 23:33:26 98816 ----a-w- C:\Windows\sed.exe
2011-12-04 23:33:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-04 23:33:26 256000 ----a-w- C:\Windows\PEV.exe
2011-12-04 23:33:26 208896 ----a-w- C:\Windows\MBR.exe
2011-12-04 23:32:09 -------- d-----w- C:\Gotcha
2011-11-28 14:37:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-11-26 18:38:20 -------- d-----w- C:\Roxio
2011-11-26 16:14:26 -------- d-----w- C:\Users\Admin\AppData\Local\Rockstar Games
2011-11-26 11:17:40 -------- d-sh--w- C:\ProgramData\SecuROM
2011-11-26 11:06:37 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-11-26 11:06:08 -------- d-----w- C:\Windows\SysWow64\xlive
2011-11-26 11:06:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-11-25 19:55:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-11-25 19:55:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-11-25 19:55:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-11-25 19:55:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-11-25 19:55:02 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-11-25 19:55:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-11-25 19:55:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-11-25 19:55:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2011-11-25 19:54:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-11-25 19:54:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-11-20 14:06:08 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2011-11-17 01:04:04 -------- d-----w- C:\Users\Admin\AppData\Local\Connectify
2011-11-12 16:19:02 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-12 16:19:02 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-12 16:19:02 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-12 16:19:02 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-12 16:19:00 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-12 16:19:00 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-12 16:17:57 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2011-11-11 20:04:04 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
2011-11-09 12:18:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 12:18:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 12:18:04 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 12:18:04 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 18:03:08.13 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2010 5:45:45 AM
System Uptime: 12/5/2011 3:21:02 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0MDPK8
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/532mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 290.035 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP279: 11/26/2011 6:02:44 AM - Installed DirectX
RP280: 11/26/2011 6:05:01 AM - Installed DirectX
RP281: 11/26/2011 6:05:22 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP282: 11/26/2011 6:06:09 AM - Installed DirectX
RP283: 11/26/2011 7:03:04 AM - Installed Microsoft Games for Windows - LIVE Redistributable
RP284: 11/28/2011 9:36:15 AM - Installed Microsoft Office Home and Business 2010
RP285: 11/28/2011 9:50:02 AM - Removed Window Shopper
RP286: 11/28/2011 10:18:45 AM - Installed HiJackThis
RP287: 11/28/2011 10:32:13 AM - Removed HiJackThis
RP288: 11/29/2011 3:00:26 AM - Windows Update
RP289: 11/30/2011 4:18:07 PM - Windows Update
RP290: 12/4/2011 6:34:06 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20
AccelerometerP11
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Web Premium
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Reader 9.1.2
Adobe Setup
Advanced Audio FX Engine
Advanced PC Tweaker v4.2
Alliance of Valiant Arms
Apple Application Support
Apple Software Update
Armagetron Advanced 0.2.8.3.1.gcc
ASIO4ALL
Ask Toolbar
Battlefield 2142
Buzzcustom 1.4
Call of Duty(R) 4 - Modern Warfare(TM) Demo
CamStudio
Cheat Engine 6.0
Cozi
Crimecraft: BLEEDOUT
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
Driver Performer
ESET Online Scanner v3
FL Studio 10
Forsaken World
Fraps (remove only)
FreeFrog 1.0
Game Cam 2.6.1.0
GameSpy Arcade
GIMP 2.6.11
Global Agenda
Google Talk Plugin
GoToAssist Corporate
Graboid Video 2.2
Grand Theft Auto IV
GraphicsGale FreeEdition version 1.93.17
IL Download Manager
Iminent
IncrediMail
IncrediMail 2.0
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 24
JMicron Flash Media Controller Driver
Junk Mail filter update
Just Cause 2 Demo
Livestream Procaster
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo Trial
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0 (x86 en-US)
Mozilla Thunderbird (5.0)
Mplayer 0.6.9
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetAssistant
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Updatus
Pagemood 1.4
PDF Settings CS5
Photo Notifier and Animation Creator
Portal
Pro Motion 6
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Sanctum
Screen Video Recorder 1.5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype Toolbars
Skype™ 4.2
SocialRibbons LP5
Spotify
Spybot - Search & Destroy
Steam
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
The Incredible Machine: Even More Contraptions
TinyWord 2.9.0
TypingMaster
TypingMaster Pro
Unity
Universal Extractor 1.6.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WeatherBug
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
12/5/2011 9:24:28 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/5/2011 8:46:46 AM, Error: Application Popup [1060] - \??\C:\Gotcha19922G\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/5/2011 3:11:22 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2011 7:39:08 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
12/4/2011 7:29:01 PM, Error: Application Popup [1060] - \??\C:\Gotcha\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/4/2011 6:40:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/4/2011 6:16:38 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/4/2011 6:16:04 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
12/4/2011 6:15:46 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
12/4/2011 6:15:43 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
12/4/2011 6:15:43 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
12/4/2011 6:04:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/4/2011 6:04:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/4/2011 6:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/4/2011 6:00:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Connectify service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2011 5:56:01 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2011 2:49:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004bbba10, 0xfffff80000b9c518, 0xfffffa8010de6b80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120211-48110-01.
11/29/2011 3:05:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
11/28/2011 9:30:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/28/2011 9:30:37 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2011 5:59:15 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
11/28/2011 5:59:15 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417
OK, do the following :-

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
It is very important that you get a successful uninstall because of the extra functions done at the same time; let me know if this does not happen.

Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click the icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

Step 3

Remove ESET online scanner:

  • Click Start, type programs and features in the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner; only re-boot if prompted.

Step 4

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader: untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

Step 5

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment 7 Update 1: JRE 7
  • Scroll down to where it says JRE. Java SE 7
  • Check the box to: "Accept License Agreement".
  • Find the download that applies to your operating system. (Please ask if you have any questions.)
  • For Windows 32 bit systems get this Windows x86 Offline
  • For Windows 64 bit systems get this Windows x64
  • Click the "Download JRE" button to the right.

NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs (Windows 7 or Vista users > Control Panel > Uninstall a Program) and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • You have at least the following to remove:

Java 6 Update 24

  • In Windows Explorer, navigate to C:\Program Files\Java\ and delete the contents, such as any subfolders, but NOT the main folder.
  • Do NOT delete C:\Program Files\JavaVM if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
  • Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:
  • Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 7

Uninstall any of the following that you do not use via Start > Control Panel > Uninstall a Program:

WeatherBug
Skype Toolbars
MSN Toolbar
MSN Toolbar Platform
IncrediMail
IncrediMail 2.0


Step 8

Download TFC to your desktop, from either of the following links: Link 1, Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized: it empties all user temp folders, Java cache, etc. Always remember to re-boot after a run.

Let me know if those steps complete OK, also if you have any remaining issues...

Kevin
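A way to check a DDS log against the items in the steps above, as an added example that is not part of this thread or of any tool mentioned in it: it splits a log in the format posted above into its sections, flags the programs Step 7 says to remove and the Java 6 / Adobe Reader 9 entries Steps 4 and 5 say to update, and pulls out the event-log errors about the hosts file, the firewall driver and the network drivers. SAMPLE_LOG is a constructed excerpt of the log posted in this thread.

```python
"""Triage a DDS-style log: flag the programs the thread tells the user to remove
or update, and surface event-log errors worth a second look.
Added example; SAMPLE_LOG is a constructed excerpt of the log posted above."""
import re
from typing import Dict, List
# Entries listed for removal in Step 7, plus the outdated runtimes from Steps 4 and 5.
REMOVE_IF_UNUSED = {"WeatherBug", "Skype Toolbars", "MSN Toolbar",
                    "MSN Toolbar Platform", "IncrediMail", "IncrediMail 2.0"}
OUTDATED = [re.compile(r"^Java\(TM\) 6 "), re.compile(r"^Adobe Reader 9\.")]
# Event-log phrases that deserve attention on a machine that redirects and cannot
# load its network stack: hosts-file read failure and firewall/driver failures.
SUSPECT_EVENTS = ("hosts file", "Windows Firewall", "boot-start or system-start driver")
SECTION_RE = re.compile(r"^==== (.+?) =+$")

def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '==== Name ====' sections; '.' lines are spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def triage(log: str) -> Dict[str, List[str]]:
    """Return the installed programs and events a helper would act on first."""
    s = parse_sections(log)
    programs = s.get("Installed Programs", [])
    events = s.get("Event Viewer Messages From Past Week", [])
    return {
        "remove_if_unused": [p for p in programs if p in REMOVE_IF_UNUSED],
        "outdated": [p for p in programs if any(r.match(p) for r in OUTDATED)],
        "suspect_events": [e for e in events if any(k in e for k in SUSPECT_EVENTS)],
    }

SAMPLE_LOG = """\
==== Installed Programs ======================
.
Adobe Reader 9.1.2
IncrediMail 2.0
Java(TM) 6 Update 24
MSN Toolbar
WeatherBug
.
==== Event Viewer Messages From Past Week ========
.
12/4/2011 6:40:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/4/2011 6:15:43 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
12/4/2011 6:00:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
12/4/2011 7:39:08 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
.
==== End Of File ===========================
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file contents; anything it reports under "remove_if_unused" or "outdated" still needs the corresponding step above.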