
Help - Totally Infected

Discussion in 'Virus & Other Malware Removal' started by rabbit12, Nov 30, 2011.

rabbit12 (Thread Starter; joined May 22, 2004; 54 messages)
    This computer is a mess. It is telling me I have a worm infection; it runs slowly, redirects constantly, and even begins talking by itself. Please help!!!!!

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 3830 Mb
    Graphics Card: NVIDIA GeForce GT 420M, 1024 Mb
    Hard Drives: C: Total - 468280 MB, Free - 292676 MB;
    Motherboard: Dell Inc., 0MDPK8
    Antivirus: Spyware Doctor with AntiVirus, Updated and Enabled


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:40:51 PM, on 11/30/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Users\will\AppData\Roaming\88366\C55A7.exe
    C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    C:\Users\will\AppData\Roaming\66902\lvvm.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\will\Downloads\HijackThis(2).exe
    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:58747
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    R3 - URLSearchHook: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    F3 - REG:win.ini: load=C:\Users\will\AppData\Roaming\66902\lvvm.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: Pagemood 1.3 - {0E35554F-0623-4BAA-8521-AEE9901528B6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: MovieBario - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Buzzcustom 1.4 - {97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
    O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
    O2 - BHO: FreeFrog 1.0 - {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    O2 - BHO: FCTBPos00Pos - {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    O3 - Toolbar: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
    O4 - HKLM\..\Run: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
    O4 - HKLM\..\Run: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
    O4 - HKLM\..\Run: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [C6F.exe] C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O20 - Winlogon Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll (file missing)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\Connectifyd.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17980 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by will at 10:48:05 on 2011-11-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1219 [GMT -5:00]
    .
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Connectify\Connectifyd.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\will\AppData\Roaming\88366\C55A7.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k ipripsvc
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Users\will\AppData\Roaming\66902\lvvm.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\PC Tools Security\upgrade.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:58747
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    uURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    mURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    mWinlogon: Userinit=userinit.exe
    uWinlogon: Shell=explorer.exe,C:\Users\will\AppData\Roaming\88366\C55A7.exe
    uWindows: Load=C:\Users\will\AppData\Roaming\66902\lvvm.exe
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Pagemood 1.3: {0e35554f-0623-4baa-8521-aee9901528b6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Buzzcustom 1.4: {97788fc1-b4b7-49dc-b4ad-51bfcd27a7ce} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
    BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
    BHO: FreeFrog 1.0: {a229bc5b-e7a2-447b-b015-1e7ca944978d} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    BHO: SocialRibbons LP5: {cbf3fdca-6104-1864-d931-d737d2bfc202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    TB: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [C6F.exe] C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TaskTray]
    mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
    mRun: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
    mRun: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
    mRun: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\will\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\059636F6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6563647966697D2B496C6C696E67647F6E6 : DhcpNameServer = 192.168.116.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6F627 : DhcpNameServer = 167.206.251.130 167.206.251.129
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\54163747F6E69616E6 : DhcpNameServer = 204.186.110.76 216.144.187.37
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E} : NameServer = 192.168.2.1
    TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E} : NameServer = 192.168.2.1
    TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C} : NameServer = 68.87.71.230,68.87.73.246
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Pagemood 1.3: {0E35554F-0623-4BAA-8521-AEE9901528B6} - C:\PROGRA~2\Pagemood\PAGEMO~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    BHO-X64: MovieBario - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Buzzcustom 1.4: {97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE} - C:\PROGRA~2\BUZZCU~1\BUZZCU~1.DLL
    BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
    BHO-X64: IMinent WebBooster - No File
    BHO-X64: FreeFrog 1.0: {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\PROGRA~2\FreeFrog\FREEFR~1.DLL
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO-X64: DCA - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    BHO-X64: uTorrentBar - No File
    BHO-X64: SocialRibbons LP5: {CBF3FDCA-6104-1864-D931-D737D2BFC202} - C:\Program Files (x86)\SocialRibbons LP5\Toolbar.dll
    BHO-X64: FCTBPos00Pos - No File
    BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    BHO-X64: IncrediMail MediaBar 2 - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    TB-X64: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files (x86)\MovieBario\prxtbMovi.dll
    TB-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TaskTray]
    mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
    mRun-x64: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
    mRun-x64: [7A9.exe] C:\Program Files (x86)\LP\81B8\7A9.exe
    mRun-x64: [C6F.exe] C:\Program Files (x86)\LP\A738\C6F.exe
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\Iminent.WebBooster.XPCOM.18.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCore.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components\PriceGongFF.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\239yzlzh.default\extensions\[email protected]\components\FFHst.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npBuzzcustom.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFreeFrog.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPagemood.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-2 98208]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-9 892992]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-2 1620584]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-1-13 366840]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-1-13 1150936]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-2 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-2 2320920]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-14 1153368]
    S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-28 14:49:29 -------- d-----w- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    2011-11-28 14:37:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2011-11-28 14:37:12 -------- d-----w- C:\Users\will\AppData\Local\Microsoft Help
    2011-11-28 08:45:17 -------- d--h--w- C:\Windows\AxInstSV
    2011-11-26 18:38:20 -------- d-----w- C:\Roxio
    2011-11-26 16:40:57 127 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
    2011-11-26 16:38:22 284160 ----a-w- C:\Users\will\AppData\Roaming\iexplore.exe
    2011-11-26 16:36:41 -------- d-----w- C:\Users\will\AppData\Roaming\66902
    2011-11-26 16:36:32 98816 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\6104.tmp
    2011-11-26 16:36:12 -------- d-----w- C:\Users\will\AppData\Roaming\88366
    2011-11-26 16:36:10 284160 ----a-w- C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    2011-11-26 11:17:40 -------- d-sh--w- C:\ProgramData\SecuROM
    2011-11-26 11:06:37 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2011-11-26 11:06:08 -------- d-----w- C:\Windows\SysWow64\xlive
    2011-11-26 11:06:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2011-11-25 19:55:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2011-11-25 19:55:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2011-11-25 19:55:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2011-11-25 19:55:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2011-11-25 19:55:02 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2011-11-25 19:55:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2011-11-25 19:55:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2011-11-25 19:55:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2011-11-25 19:54:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2011-11-25 19:54:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2011-11-23 20:30:33 32256 ----a-w- C:\Windows\SysWow64\J3Tl3.com
    2011-11-16 20:00:47 -------- d-----we C:\Windows\system64
    2011-11-12 16:19:02 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
    2011-11-12 16:19:02 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2011-11-12 16:19:02 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
    2011-11-12 16:19:02 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2011-11-12 16:19:00 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2011-11-12 16:19:00 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
    2011-11-12 16:17:57 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
    2011-11-11 21:08:46 -------- d-----w- C:\Program Files (x86)\LP
    2011-11-11 20:04:04 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
    2011-11-10 23:28:31 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
    2011-11-10 23:28:30 -------- d-----w- C:\ProgramData\Tarma Installer
    2011-11-10 23:28:26 -------- d-----w- C:\Program Files (x86)\PlayPickle Toolbar
    2011-11-09 12:18:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 12:18:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:18:04 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 12:18:04 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
    2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    .
    ============= FINISH: 10:58:47.07 ===============

  2. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
  3. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya rabbit12,

    Do the following :-

    Disable TeaTimer and leave it off for now.
    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and restart your computer.

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    Next,

    There is a proxy server running in Internet Explorer, if you did not set that up do the following:

    Open Internet Explorer, select Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". OK, Apply (only if applicable), OK.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop, re-name it to Gotcha.exe.

    • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Gotcha.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select Yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select Continue or Yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
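The DDS log in the first post shows the pattern Kevin is acting on: startup entries launched from the user's AppData\Roaming folder and from hex-named folders under Program Files (x86)\LP, an empty Run value, and a Firefox search URL pointing at a third-party host. As an added example, not code from the forum or from any of the tools named in the thread, here is a small Python triage script that flags those kinds of lines in a log of this format. The sample lines are constructed from the posted log, and the heuristics (user-writable paths, hex-looking names, the proxy-type values) are assumptions for illustration, not a detection standard.

```python
"""Triage of startup and browser-setting lines from a HijackThis/DDS-style log.

Added example for this thread, not code from the forum or from any tool it
mentions. The sample lines below are constructed from the posted log; the
heuristics (user-writable paths, hex-looking names) are assumptions, not a
detection standard.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the format of the posted DDS log (only the entries
# that matter; "hxxp" is the defanged URL scheme used in the log).
SAMPLE_LOG = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [C6F.exe] C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TaskTray]
mRun: [92B.exe] C:\Program Files (x86)\LP\E038\92B.exe
mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q={searchTerms}
FF - prefs.js: network.proxy.type - 0
"""

# uRun/mRun(Once)(-x64): [name] command
RUN_LINE = re.compile(r'^(?P<hive>[um]Run(?:Once)?(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# FF - prefs.js: key - value
PREF_LINE = re.compile(r'^FF - prefs\.js:\s*(?P<key>\S+)\s*-\s*(?P<value>.*)$')
# Names such as C6F, 92B, A738, E038: short runs of hex digits only (assumed heuristic).
HEXISH = re.compile(r'[0-9A-Fa-f]{3,8}')
# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\')


def executable_path(cmd):
    """Return the executable named in a Run value.

    Quoted values end at the closing quote; unquoted values (which may contain
    spaces, as in the posted log) run up to the first '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.*?\.exe)', cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ''


def review_run_entry(name, cmd):
    """Return the list of reasons a startup entry deserves a closer look."""
    reasons = []
    if not cmd.strip():
        reasons.append('empty command (orphaned or blanked entry)')
        return reasons
    exe = executable_path(cmd)
    if any(marker in exe.lower() for marker in USER_WRITABLE):
        reasons.append('launches from a user-writable location')
    parts = exe.replace('/', '\\').split('\\')
    base = parts[-1]
    stem = base[:-4] if base.lower().endswith('.exe') else base
    parent = parts[-2] if len(parts) > 1 else ''
    if HEXISH.fullmatch(stem) or HEXISH.fullmatch(parent):
        reasons.append('hex-style randomised file or folder name')
    return reasons


def review_pref(key, value):
    """Flag Firefox settings that commonly carry a search hijack or a proxy."""
    value = value.strip()
    if key == 'network.proxy.type' and value not in ('0', '5'):
        # 0 = no proxy, 5 = use system settings; anything else was set explicitly
        return ['Firefox proxy configured (network.proxy.type=%s)' % value]
    if key in ('browser.search.defaulturl', 'keyword.URL') and value:
        host = urlparse(value.replace('hxxp', 'http', 1)).hostname
        return ['search/keyword URL points at %s; confirm this was intended' % host]
    return []


def triage(log_text):
    """Scan a log and return findings as dicts with kind, item and reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            reasons = review_run_entry(m['name'], m['cmd'])
            if reasons:
                findings.append({'kind': m['hive'], 'item': m['name'], 'reasons': reasons})
            continue
        m = PREF_LINE.match(line)
        if m:
            reasons = review_pref(m['key'], m['value'])
            if reasons:
                findings.append({'kind': 'prefs.js', 'item': m['key'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-8s %-28s %s' % (f['kind'], f['item'], '; '.join(f['reasons'])))
```

Run it against a saved log and treat each hit as a prompt to cross-check, not a verdict: compare the flagged path with the running-processes list and the "Created Last 30" section of the same log, and remember that a blank Run value or a hex-named folder is only suspicious in context (the log above also lists legitimate entries with odd names that the heuristics deliberately leave alone).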
     
  5. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Kevin:

    Thanks so much for the help. Here is the log from the ComboFix scan.

    ComboFix 11-12-04.04 - Admin 12/04/2011 18:45:45.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2180 [GMT -5:00]
    Running from: c:\users\Admin\Desktop\Gotcha.exe
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\progra~2\Pagemood\PAGEmo~1.dll
    c:\program files (x86)\LP
    c:\program files (x86)\LP\81B8\7A9.exe
    c:\program files (x86)\LP\A738\C6F.exe
    c:\program files (x86)\LP\E038\92B.exe
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
    c:\programdata\vMttfGqwJXmmgo.exe
    c:\users\Admin\AppData\Roaming\88366
    c:\users\Admin\AppData\Roaming\88366\6902.836
    c:\users\Admin\AppData\Roaming\88366\C55A7.exe
    c:\users\Admin\AppData\Roaming\iexplore.exe
    c:\users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe
    c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\searchplugins\bing-zugo.xml
    c:\users\Will Everyday\AppData\Roaming\8327.tmp
    c:\users\Will Everyday\AppData\Roaming\firefox.exe
    c:\users\Will Everyday\AppData\Roaming\java.exe
    c:\users\will\AppData\Roaming\iexplore.exe
    c:\users\will\Uninstall.exe
    c:\windows\system32\consrv.dll
    c:\windows\System64
    c:\windows\Tasks\At1.job
    c:\windows\Temp\_ex-08.exe
    c:\windows\Temp\_ex-68.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\will\AppData\Local\temp
    2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\Will Everyday\AppData\Local\temp
    2011-12-05 00:35 . 2011-12-05 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-12-05 00:35 . 2011-12-05 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-04 23:11 . 2011-12-04 23:11 127 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
    2011-12-04 23:00 . 2011-12-04 23:00 -------- d-----w- c:\program files (x86)\66902
    2011-12-02 08:46 . 2011-12-01 22:13 116224 ----a-w- c:\windows\SysWow64\J3Tl3.com
    2011-11-30 21:23 . 2011-11-30 21:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-11-30 21:13 . 2011-11-30 21:13 285696 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
    2011-11-29 21:49 . 2011-11-29 21:49 285184 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
    2011-11-29 21:45 . 2011-11-29 21:45 -------- d-----w- C:\found.001
    2011-11-28 14:49 . 2011-11-28 14:49 -------- d--h--w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    2011-11-28 14:37 . 2011-11-28 14:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2011-11-28 14:37 . 2011-11-28 14:37 -------- d--h--w- c:\users\will\AppData\Local\Microsoft Help
    2011-11-28 14:37 . 2011-11-30 21:25 -------- d-----w- c:\programdata\Microsoft Help
    2011-11-28 14:36 . 2011-11-28 14:36 -------- d-----r- C:\MSOCache
    2011-11-28 08:45 . 2011-11-28 11:43 -------- d--h--w- c:\windows\AxInstSV
    2011-11-26 18:38 . 2011-11-26 18:38 -------- d-----w- C:\Roxio
    2011-11-26 16:40 . 2011-11-26 16:40 127 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
    2011-11-26 16:37 . 2011-12-04 23:11 -------- d-----w- c:\users\Admin\AppData\Roaming\66902
    2011-11-26 16:37 . 2011-11-26 16:37 98816 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
    2011-11-26 16:36 . 2011-11-26 16:40 -------- d--h--w- c:\users\will\AppData\Roaming\66902
    2011-11-26 16:36 . 2011-11-26 16:36 98816 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
    2011-11-26 16:36 . 2011-12-04 23:00 -------- d--h--w- c:\users\will\AppData\Roaming\88366
    2011-11-26 16:36 . 2011-11-26 16:41 284160 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    2011-11-26 16:14 . 2011-11-26 16:14 -------- d-----w- c:\users\Admin\AppData\Local\Rockstar Games
    2011-11-26 11:17 . 2011-11-26 11:17 -------- d-sh--w- c:\programdata\SecuROM
    2011-11-26 11:15 . 2011-11-26 11:15 -------- d-----w- c:\users\Will Everyday\AppData\Local\Rockstar Games
    2011-11-26 11:11 . 2011-11-26 11:11 -------- d--h--r- c:\users\Will Everyday\AppData\Roaming\SecuROM
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
    2011-11-26 11:06 . 2011-11-26 11:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\windows\SysWow64\xlive
    2011-11-25 19:55 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-11-25 19:55 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
    2011-11-25 19:55 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
    2011-11-25 19:55 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-11-25 19:55 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2011-11-25 19:54 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2011-11-25 19:54 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2011-11-20 14:06 . 2011-11-20 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2011-11-20 11:30 . 2011-12-04 23:16 276480 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
    2011-11-20 03:36 . 2011-11-20 03:36 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
    2011-11-19 23:07 . 2011-11-19 23:07 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
    2011-11-19 15:05 . 2011-11-19 15:05 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
    2011-11-18 00:24 . 2011-11-18 00:24 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
    2011-11-17 09:36 . 2011-11-17 09:36 289792 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
    2011-11-17 01:04 . 2011-11-17 01:04 -------- d-----w- c:\users\Admin\AppData\Local\Connectify
    2011-11-13 23:37 . 2011-11-13 23:37 276480 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
    2011-11-12 16:19 . 2011-11-12 16:19 -------- d-----w- c:\users\Will Everyday\AppData\Local\Skyrim
    2011-11-12 16:19 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-11-12 16:19 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2011-11-12 16:19 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-11-12 16:17 . 2007-10-12 20:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll
    2011-11-11 21:37 . 2011-11-11 21:37 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe
    2011-11-11 20:57 . 2011-12-01 22:40 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\66902
    2011-11-11 20:57 . 2011-11-11 20:57 98816 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp
    2011-11-11 20:57 . 2011-12-04 23:04 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\88366
    2011-11-11 20:04 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
    2011-11-10 23:28 . 2011-11-10 23:28 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
    2011-11-10 23:28 . 2011-11-15 01:20 -------- d-----w- c:\program files (x86)\PlayPickle Toolbar
    2011-11-09 12:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 12:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 12:18 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-26 16:50 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-11-26 16:50 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-01 03:25 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:42 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
    2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    2011-09-27 23:29 . 2011-09-27 23:29 18944 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-09-27 23:29 . 2011-09-27 23:29 11264 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
    2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\MovieBario\prxtbMovi.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CBF3FDCA-6104-1864-D931-D737D2BFC202}]
    2011-09-27 23:28 1534976 ----a-w- c:\program files (x86)\SocialRibbons LP5\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
    "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"= "c:\program files (x86)\MovieBario\prxtbMovi.dll" [2011-01-17 175912]
    "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
    "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-09-27 366024]
    "BuzzUpdt.exe"="c:\program files (x86)\Buzzcustom\BuzzUpdt.exe" [2011-07-11 419328]
    "FreeFrogUpdt.exe"="c:\program files (x86)\FreeFrog\FreeFrogUpdt.exe" [2011-08-30 419328]
    "PageUpdt.exe"="c:\program files (x86)\Pagemood\PageUpdt.exe" [2011-07-11 419328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
    .
    c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
    2011-11-29 21:59 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-24 2320920]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-04 c:\windows\Tasks\At10.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At12.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At14.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At16.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At18.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At20.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At22.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At24.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At26.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At28.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At30.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At32.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At34.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At36.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At38.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At4.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At40.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-05 c:\windows\Tasks\At42.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At44.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At46.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At48.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At50.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At6.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\At8.job
    - c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005Core.job
    - c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005UA.job
    - c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
    .
    2011-11-15 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-07-05 18:14]
    .
    2011-06-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
    .
    2011-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-07-29 6470760]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-08-04 3221152]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "combofix"="c:\gotcha\CF2727.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:59333
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
    TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
    TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59333
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Iminent WebBooster: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - Ext: Window Shopper - Powered by Superfish: [email protected] - c:\programdatamozilla\Extensions\[email protected]
    FF - Ext: MSN Toolbar: [email protected] - c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
    Wow6432Node-HKCU-Run-343.exe - c:\users\Admin\AppData\Roaming\Microsoft\A1C8\343.exe
    Wow6432Node-HKCU-Run-C6F.exe - c:\users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe
    Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Wow6432Node-HKLM-Run-TaskTray - (no file)
    Wow6432Node-HKLM-Run-92B.exe - c:\program files (x86)\LP\E038\92B.exe
    Wow6432Node-HKLM-Run-7A9.exe - c:\program files (x86)\LP\81B8\7A9.exe
    Wow6432Node-HKLM-Run-C6F.exe - c:\program files (x86)\LP\A738\C6F.exe
    Toolbar-Locked - (no file)
    WebBrowser-{58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3933724382-1039634698-3548269274-1006\Software\SecuROM\License information*]
    "datasecu"=hex:67,52,22,31,e3,64,40,9c,3d,1b,29,58,57,97,7d,b0,59,90,74,34,91,
    b3,5f,c3,6d,60,c3,23,a6,59,f5,26,b8,33,83,fe,5d,af,f2,78,f3,3f,0f,36,a7,a4,\
    "rkeysecu"=hex:b2,30,b7,0a,8b,0d,24,f7,68,c9,3a,1b,0c,e8,fb,bc
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-04 20:12:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-05 01:12
    .
    Pre-Run: 303,877,185,536 bytes free
    Post-Run: 311,714,304,000 bytes free
    .
    - - End Of File - - 6D57CEED39588DEAB2DBF386C69BD151
     
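As an added example (not part of the thread, not ComboFix code, and not the helper's CFScript), here is a small Python triage script for logs in the shape of the ComboFix output above. It flags the patterns a helper reads out of such a log: random-named executables under AppData\Roaming\Microsoft\<hex>\, a fleet of At*.job tasks that all launch the same file, a Winlogon Notify DLL, and browser proxy settings pointed at 127.0.0.1. The sample lines are constructed in the shape of the log above; the function names, regexes and the "shared by 3 jobs" threshold are my own choices.

```python
r"""Triage heuristics for a ComboFix-style log (added example, not ComboFix code).

Looks for four patterns visible in the log above: random-named .exe/.tmp files
under AppData\Roaming\Microsoft\<hex>\, many At*.job tasks launching one file,
a Winlogon Notify DLL, and browser proxies pointed at 127.0.0.1.
"""
import re
from collections import Counter

# Constructed sample in the shape of the log posted above (a few lines only).
SAMPLE_LOG = r"""
2011-11-26 16:36 . 2011-11-26 16:41 284160 ---ha-w- c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
2011-11-20 03:36 . 2011-11-20 03:36 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
2011-11-09 12:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 21:59 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\At10.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At12.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-12-04 c:\windows\Tasks\At14.job
- c:\windows\system32\J3Tl3.com [2011-12-02 22:13]
.
2011-11-15 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-07-05 18:14]
.
uInternet Settings,ProxyServer = http=127.0.0.1:59333
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59333
FF - prefs.js: network.proxy.type - 1
"""

DRIVE_PATH = re.compile(r"[a-z]:\\[^\[\]]+", re.I)
DROPPER = re.compile(r"\\AppData\\Roaming\\Microsoft\\[0-9A-F]{3,4}\\[0-9A-F]{2,4}\.(?:exe|tmp)$", re.I)
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.I)
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\(?P<name>[^\]]+)\]$", re.I)
LOOPBACK_PROXY = re.compile(r"ProxyServer = http=127\.0\.0\.1:\d+$|network\.proxy\.http - 127\.0\.0\.1$")


def first_path(line):
    """Return the first drive-letter path on a line, minus any trailing '[date time]'."""
    match = DRIVE_PATH.search(line)
    return match.group(0).strip() if match else None


def triage(log_text, shared_job_threshold=3):
    """Scan a ComboFix-style log and return suspicious items grouped by pattern."""
    findings = {
        "appdata_droppers": [],       # random-named .exe/.tmp under Roaming\Microsoft\<hex>\
        "shared_at_job_targets": {},  # one file launched by >= threshold At*.job tasks
        "winlogon_notify": [],        # (key name, DLL path) pairs
        "loopback_proxy": [],         # proxy lines that point the browser at 127.0.0.1
    }
    at_targets = Counter()
    pending_at_job = None  # set after an At*.job header until its "- target" line
    pending_notify = None  # set after a winlogon\notify key until its DLL line

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        path = first_path(line)

        if path and DROPPER.search(path):
            findings["appdata_droppers"].append(path)

        # Scheduled tasks: the header names the job, the next "- " line names the target.
        if path and AT_JOB.search(path):
            pending_at_job = path
            continue
        if line.startswith("- "):
            if pending_at_job and path:
                at_targets[path] += 1
            pending_at_job = None
            continue

        # Winlogon Notify packages are not used by Windows 7 itself, so any entry is worth a look.
        key = NOTIFY_KEY.search(line)
        if key:
            pending_notify = key.group("name")
            continue
        if pending_notify and path:
            findings["winlogon_notify"].append((pending_notify, path))
            pending_notify = None
            continue

        if LOOPBACK_PROXY.search(line):
            findings["loopback_proxy"].append(line)

    findings["shared_at_job_targets"] = {
        target: count for target, count in at_targets.items() if count >= shared_job_threshold
    }
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```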
  6. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Kevin:

    One more thing. The spybot was not in his system tray so I am not sure I adequately disabled it. My son's "master" desktop which I ran the original scans from would not even load today so I could not tell if it was on that one. I ran these from an administrator account and there was no spybot in that system tray.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, don't worry about Spybot for now, continue as follows :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    AtJob::
    File::
    c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
    c:\windows\SysWow64\J3Tl3.com
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
    c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
    c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
    c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
    c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
    c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
    c:\windows\system32\J3Tl3.com
    Folder::
    C:\found.001
    c:\program files (x86)\66902
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    c:\users\Admin\AppData\Roaming\66902
    c:\users\will\AppData\Roaming\66902
    c:\users\will\AppData\Roaming\88366
    c:\program files (x86)\MovieBario
    c:\program files (x86)\uTorrentBar
    c:\program files (x86)\SocialRibbons LP5
    c:\program files (x86)\Ask.com
    c:\program files (x86)\IncrediMail_MediaBar_2
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{97788FC1-B4B7-49DC-B4AD-51BFCD27A7CE}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CBF3FDCA-6104-1864-D931-D737D2BFC202}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=- 
    "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"=- 
    "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_CLASSES_ROOT\clsid\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew] 
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:59333
    
    Firefox::
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59333
    FF - prefs.js: network.proxy.type - 1
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see those two logs, and also give an update on current issues/concerns...

    Kevin
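    The constant redirects in this thread come from a setting rather than a file: both the IE ProxyServer line and the Firefox prefs.js entries in the CFScript above point the browsers at a proxy on 127.0.0.1:59333, so every page request is routed through whatever the dropper left listening on that port, and deleting the executables alone does not undo it. The script below is an added example written for this page; it is not part of ComboFix, DDS, HijackThis or Kevin's instructions. It reads lines in the log formats quoted in the thread, flags loopback proxies, executables in randomly named AppData\Roaming folders, At*.job tasks and a DLL parked under the system profile, and lays the hits out in the same section order as the CFScript. The sample lines are constructed from the formats above, the regular expressions are heuristics chosen for this thread's logs, and anything listed under File:: gets deleted by ComboFix, so treat the output as a draft to review, not something to feed in blind. Run it again on the post-fix log: it should report nothing.

```python
"""Triage helper for DDS / ComboFix / HijackThis style log lines.

Added example for this thread; not part of ComboFix, DDS or HijackThis.
The patterns below are assumptions drawn from the paths and proxy lines
visible in the logs posted above, not signatures from any product.
"""
import re
from ipaddress import ip_address

# Constructed sample lines in the formats seen in the thread (not a real log).
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:59333
FF - ProfilePath - c:\\users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\maxnxw46.default\\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59333
FF - prefs.js: network.proxy.type - 1
c:\\users\\will\\AppData\\Roaming\\88366\\C55A7.exe
c:\\users\\will\\AppData\\Roaming\\Microsoft\\A738\\bl421093_64.bat
c:\\program files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe
c:\\windows\\Tasks\\At10.job
c:\\windows\\System32\\config\\systemprofile\\AppData\\Local\\klartew.dll
"""

# IE proxy line as DDS prints it: "ProxyServer = http=HOST:PORT" (scheme prefix optional).
IE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)", re.I)
# Firefox pref line as DDS prints it: "FF - prefs.js: network.proxy.X - VALUE".
FF_PREF = re.compile(r"^FF - prefs\.js:\s*(network\.proxy\.\w+)\s*-\s*(\S+)", re.I)
# Dropper layout seen in the log (heuristic): AppData\Roaming\<4-5 hex chars>\<short name>,
# sometimes hidden one level down under a fake "Microsoft" folder.
HEX_DROP = re.compile(
    r"\\AppData\\Roaming\\(?:Microsoft\\)?[0-9A-F]{4,5}\\[0-9A-Z_]{1,12}\.(?:exe|tmp|bat|com)$", re.I)
# Jobs created with at.exe are named At<N>.job; the log shows two dozen of them.
AT_JOB = re.compile(r"\\windows\\Tasks\\At\d+\.job$", re.I)
# A DLL under the SYSTEM profile's AppData, as klartew.dll was (loaded via a winlogon notify key).
SYSPROFILE_DLL = re.compile(r"\\config\\systemprofile\\AppData\\Local\\[^\\]+\.dll$", re.I)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or 'localhost': a browser proxy there means a local process sits in the path."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Return (category, evidence_line) pairs for suspicious lines in DDS/ComboFix style text."""
    findings = []
    ff_prefs = {}  # pref name -> (value, original line)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_PROXY.search(line)
        if m and is_loopback(m.group(1)):
            findings.append(("ie_proxy", line))
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1).lower()] = (m.group(2), line)
            continue
        if HEX_DROP.search(line):
            findings.append(("dropper", line))
        elif AT_JOB.search(line):
            findings.append(("at_job", line))
        elif SYSPROFILE_DLL.search(line):
            findings.append(("sysprofile_dll", line))
    # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual proxy).
    host = ff_prefs.get("network.proxy.http")
    ptype = ff_prefs.get("network.proxy.type")
    if host and ptype and ptype[0] == "1" and is_loopback(host[0]):
        for key in ("network.proxy.http", "network.proxy.http_port", "network.proxy.type"):
            if key in ff_prefs:
                findings.append(("ff_proxy", ff_prefs[key][1]))
    return findings


def draft_cfscript(findings):
    """Lay findings out in the section order the CFScript above uses (File::, DDS::, Firefox::). Review before use."""
    files = [e for c, e in findings if c in ("dropper", "at_job", "sysprofile_dll")]
    dds = [e for c, e in findings if c == "ie_proxy"]
    ff = [e for c, e in findings if c == "ff_proxy"]
    out = []
    if files:
        out += ["File::", *files]
    if dds:
        out += ["DDS::", *dds]
    if ff:
        out += ["Firefox::", *ff]
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for category, evidence in hits:
        print(f"{category:15} {evidence}")
    print()
    print(draft_cfscript(hits))
```

    The proxy check is the part worth keeping after the cleanup: a manual proxy on a loopback address is rarely legitimate on a home machine, and if it reappears in a fresh DDS log after ComboFix has run, something is still alive and re-writing the browser settings.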
     
  8. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Kevin:

    Here are the logs. I had uninstalled the Ask toolbar as well as the uTorrent and the MovieBario last night so those will not appear on the deleted list. Before running the ESET scan I was still getting redirected when pulling up webpages but that is likely due to all the trojans. I would love to get rid of WeatherBug and the IncrediMail programs too. There is no uninstall for the WeatherBug and I have not yet checked the IncrediMail but will later.

    ComboFix 11-12-04.04 - Admin 12/05/2011 8:08.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2261 [GMT -5:00]
    Running from: c:\users\Admin\Desktop\Gotcha.exe
    Command switches used :: c:\users\Admin\Desktop\CFScript.txt
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp"
    "c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe"
    "c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe"
    "c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp"
    "c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat"
    "c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe"
    "c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll"
    "c:\windows\system32\J3Tl3.com"
    "c:\windows\SysWow64\J3Tl3.com"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\found.001
    c:\found.001\file0000.chk
    c:\program files (x86)\66902
    c:\program files (x86)\Ask.com
    c:\program files (x86)\Ask.com\cobrand.ico
    c:\program files (x86)\Ask.com\config.xml
    c:\program files (x86)\Ask.com\favicon.ico
    c:\program files (x86)\Ask.com\fv_8ee0.ico
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    c:\program files (x86)\Ask.com\mupcfg.xml
    c:\program files (x86)\Ask.com\SaUpdate.exe
    c:\program files (x86)\Ask.com\UpdateTask.exe
    c:\program files (x86)\IncrediMail_MediaBar_2
    c:\program files (x86)\IncrediMail_MediaBar_2\GottenAppsContextMenu.xml
    c:\program files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper.exe
    c:\program files (x86)\IncrediMail_MediaBar_2\ldrtbIncr.dll
    c:\program files (x86)\IncrediMail_MediaBar_2\OtherAppsContextMenu.xml
    c:\program files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    c:\program files (x86)\IncrediMail_MediaBar_2\SharedAppsContextMenu.xml
    c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll
    c:\program files (x86)\IncrediMail_MediaBar_2\toolbar.cfg
    c:\program files (x86)\IncrediMail_MediaBar_2\ToolbarContextMenu.xml
    c:\program files (x86)\IncrediMail_MediaBar_2\uninstall.exe
    c:\program files (x86)\SocialRibbons LP5
    c:\program files (x86)\SocialRibbons LP5\aboutTabs.7.js
    c:\program files (x86)\SocialRibbons LP5\aboutTabs.8.js
    c:\program files (x86)\SocialRibbons LP5\audio.bmp
    c:\program files (x86)\SocialRibbons LP5\banner_container.html
    c:\program files (x86)\SocialRibbons LP5\bookmark_off.bmp
    c:\program files (x86)\SocialRibbons LP5\bookmark_on.bmp
    c:\program files (x86)\SocialRibbons LP5\bookmarksplugin.dll
    c:\program files (x86)\SocialRibbons LP5\bubble_permissions.html
    c:\program files (x86)\SocialRibbons LP5\build
    c:\program files (x86)\SocialRibbons LP5\caching_banner.html
    c:\program files (x86)\SocialRibbons LP5\chevron.bmp
    c:\program files (x86)\SocialRibbons LP5\component.xsl
    c:\program files (x86)\SocialRibbons LP5\default.xml
    c:\program files (x86)\SocialRibbons LP5\efolder.bmp
    c:\program files (x86)\SocialRibbons LP5\email.bmp
    c:\program files (x86)\SocialRibbons LP5\email2.bmp
    c:\program files (x86)\SocialRibbons LP5\emailchecker_plugin.dll
    c:\program files (x86)\SocialRibbons LP5\facebook.feature
    c:\program files (x86)\SocialRibbons LP5\fbrss.xsl
    c:\program files (x86)\SocialRibbons LP5\ff.xsl
    c:\program files (x86)\SocialRibbons LP5\folder.bmp
    c:\program files (x86)\SocialRibbons LP5\Helper.dll
    c:\program files (x86)\SocialRibbons LP5\icons.bmp
    c:\program files (x86)\SocialRibbons LP5\iefavelem.bmp
    c:\program files (x86)\SocialRibbons LP5\images\amazon.bmp
    c:\program files (x86)\SocialRibbons LP5\images\ebay.bmp
    c:\program files (x86)\SocialRibbons LP5\images\email.bmp
    c:\program files (x86)\SocialRibbons LP5\images\email2.bmp
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\down.gif
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\hr.bmp
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark_do.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\mark_na.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\navbg.bmp
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh_do.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\refresh_na.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash_do.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\trash_na.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark_do.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\unmark_na.png
    c:\program files (x86)\SocialRibbons LP5\images\msgbox\up.gif
    c:\program files (x86)\SocialRibbons LP5\images\ticker\left.gif
    c:\program files (x86)\SocialRibbons LP5\images\ticker\right.gif
    c:\program files (x86)\SocialRibbons LP5\images\weather\0.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\1.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\10.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\11.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\12.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\13.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\14.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\15.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\16.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\17.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\18.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\19.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\2.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\20.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\21.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\22.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\23.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\24.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\25.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\26.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\27.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\28.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\29.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\3.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\30.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\31.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\32.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\33.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\34.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\35.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\36.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\37.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\38.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\39.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\4.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\40.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\41.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\42.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\43.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\44.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\45.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\46.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\47.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\5.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\6.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\7.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\8.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\9.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\hr.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\na.bmp
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\0.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\1.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\10.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\11.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\12.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\13.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\14.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\15.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\16.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\17.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\18.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\19.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\2.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\20.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\21.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\22.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\23.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\24.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\25.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\26.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\27.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\28.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\29.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\3.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\30.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\31.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\32.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\33.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\34.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\35.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\36.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\37.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\38.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\39.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\4.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\40.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\41.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\42.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\43.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\44.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\45.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\46.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\47.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\5.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\6.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\7.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\8.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\9.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\na.png
    c:\program files (x86)\SocialRibbons LP5\images\weather\png\Thumbs.db
    c:\program files (x86)\SocialRibbons LP5\images\wikipedia.bmp
    c:\program files (x86)\SocialRibbons LP5\images\yahoo.bmp
    c:\program files (x86)\SocialRibbons LP5\localization.xml
    c:\program files (x86)\SocialRibbons LP5\location.xsl
    c:\program files (x86)\SocialRibbons LP5\magglass.ico
    c:\program files (x86)\SocialRibbons LP5\manage_bookmarks.html
    c:\program files (x86)\SocialRibbons LP5\marquee.html
    c:\program files (x86)\SocialRibbons LP5\marquee_permissions.html
    c:\program files (x86)\SocialRibbons LP5\messaging.bmp
    c:\program files (x86)\SocialRibbons LP5\minus.bmp
    c:\program files (x86)\SocialRibbons LP5\msgbox_bubble.tmpl
    c:\program files (x86)\SocialRibbons LP5\msgbox_openmsg.tmpl
    c:\program files (x86)\SocialRibbons LP5\msgboxplugin.dll
    c:\program files (x86)\SocialRibbons LP5\offline.html
    c:\program files (x86)\SocialRibbons LP5\patch.bat
    c:\program files (x86)\SocialRibbons LP5\plus.bmp
    c:\program files (x86)\SocialRibbons LP5\podcast.bmp
    c:\program files (x86)\SocialRibbons LP5\podcast.xsl
    c:\program files (x86)\SocialRibbons LP5\radio.bmp
    c:\program files (x86)\SocialRibbons LP5\RadioPlugin.dll
    c:\program files (x86)\SocialRibbons LP5\resize.bmp
    c:\program files (x86)\SocialRibbons LP5\rssfeed.bmp
    c:\program files (x86)\SocialRibbons LP5\RSSReader_plugin.dll
    c:\program files (x86)\SocialRibbons LP5\search.xsl
    c:\program files (x86)\SocialRibbons LP5\SearchComponent.dll
    c:\program files (x86)\SocialRibbons LP5\settings
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_dropdwn_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_max_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_min_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_pause_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_play_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_playcntrl_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_playcntrl_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_down.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_stop_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_volcntrl_over.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\btn_volcntrl_up.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer1.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer2.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer3.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer4.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer5.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\Equalizer6.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\playcntrl_bg.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_mask.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_minimalized.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\radio_minimalized_mask.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\station.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_01.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_02.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\vol_03.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\volslide_bg.bmp
    c:\program files (x86)\SocialRibbons LP5\skins\radio\gray03\volslide_track.bmp
    c:\program files (x86)\SocialRibbons LP5\star_on.gif
    c:\program files (x86)\SocialRibbons LP5\ticker.html
    c:\program files (x86)\SocialRibbons LP5\Toolbar.dll
    c:\program files (x86)\SocialRibbons LP5\TroubleShooter.exe
    c:\program files (x86)\SocialRibbons LP5\Uninst.exe
    c:\program files (x86)\SocialRibbons LP5\update_progress.html
    c:\program files (x86)\SocialRibbons LP5\version.txt
    c:\program files (x86)\SocialRibbons LP5\version.xsl
    c:\program files (x86)\SocialRibbons LP5\weather_bubble.tmpl
    c:\program files (x86)\SocialRibbons LP5\weatherplugin.dll
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log
    c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log
    c:\users\Admin\AppData\Roaming\66902
    c:\users\Admin\AppData\Roaming\66902\lvvm.exe
    c:\users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp
    c:\users\Admin\AppData\Roaming\Microsoft\A738\bl366227_64.bat
    c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe
    c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe
    c:\users\will\AppData\Roaming\66902
    c:\users\will\AppData\Roaming\66902\lvvm.exe
    c:\users\will\AppData\Roaming\88366
    c:\users\will\AppData\Roaming\88366\6902.836
    c:\users\will\AppData\Roaming\88366\95B0E.exe
    c:\users\will\AppData\Roaming\88366\C55A7.exe
    c:\users\will\AppData\Roaming\Microsoft\A738\6104.tmp
    c:\users\will\AppData\Roaming\Microsoft\A738\bl421093_64.bat
    c:\users\will\AppData\Roaming\Microsoft\A738\C6F.exe
    c:\windows\SysWow64\J3Tl3.com
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At8.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\Will Everyday\AppData\Local\temp
    2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\will\AppData\Local\temp
    2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-12-05 14:23 . 2011-12-05 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-04 23:32 . 2011-12-05 01:13 -------- d-----w- C:\Gotcha
    2011-11-30 21:23 . 2011-11-30 21:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-11-28 14:37 . 2011-11-28 14:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2011-11-28 14:37 . 2011-11-28 14:37 -------- d--h--w- c:\users\will\AppData\Local\Microsoft Help
    2011-11-28 14:37 . 2011-11-30 21:25 -------- d-----w- c:\programdata\Microsoft Help
    2011-11-28 14:36 . 2011-11-28 14:36 -------- d-----r- C:\MSOCache
    2011-11-28 08:45 . 2011-11-28 11:43 -------- d--h--w- c:\windows\AxInstSV
    2011-11-26 18:38 . 2011-11-26 18:38 -------- d-----w- C:\Roxio
    2011-11-26 16:14 . 2011-11-26 16:14 -------- d-----w- c:\users\Admin\AppData\Local\Rockstar Games
    2011-11-26 11:17 . 2011-11-26 11:17 -------- d-sh--w- c:\programdata\SecuROM
    2011-11-26 11:15 . 2011-11-26 11:15 -------- d-----w- c:\users\Will Everyday\AppData\Local\Rockstar Games
    2011-11-26 11:11 . 2011-11-26 11:11 -------- d--h--r- c:\users\Will Everyday\AppData\Roaming\SecuROM
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
    2011-11-26 11:06 . 2011-11-26 11:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-11-26 11:06 . 2011-11-26 11:06 -------- d-----w- c:\windows\SysWow64\xlive
    2011-11-25 19:55 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-11-25 19:55 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
    2011-11-25 19:55 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
    2011-11-25 19:55 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-11-25 19:55 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2011-11-25 19:55 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2011-11-25 19:54 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2011-11-25 19:54 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2011-11-20 14:06 . 2011-11-20 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2011-11-17 01:04 . 2011-11-17 01:04 -------- d-----w- c:\users\Admin\AppData\Local\Connectify
    2011-11-12 16:19 . 2011-11-12 16:19 -------- d-----w- c:\users\Will Everyday\AppData\Local\Skyrim
    2011-11-12 16:19 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-11-12 16:19 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2011-11-12 16:19 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2011-11-12 16:19 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-11-12 16:17 . 2007-10-12 20:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll
    2011-11-11 21:37 . 2011-11-11 21:37 283136 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe
    2011-11-11 20:57 . 2011-12-01 22:40 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\66902
    2011-11-11 20:57 . 2011-11-11 20:57 98816 ----a-w- c:\users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp
    2011-11-11 20:57 . 2011-12-04 23:04 -------- d-----w- c:\users\Will Everyday\AppData\Roaming\88366
    2011-11-11 20:04 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
    2011-11-10 23:28 . 2011-11-10 23:28 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
    2011-11-10 23:28 . 2011-11-15 01:20 -------- d-----w- c:\program files (x86)\PlayPickle Toolbar
    2011-11-09 12:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 12:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 12:18 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-26 16:50 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-11-26 16:50 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-01 03:25 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:42 . 2011-10-13 11:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
    2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    2011-09-27 23:29 . 2011-09-27 23:29 18944 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-09-27 23:29 . 2011-09-27 23:29 11264 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_00.41.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-02 19:05 . 2011-12-05 14:30 55142 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-12-04 23:17 36240 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-12-05 01:24 36240 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-12-25 10:42 . 2011-12-04 23:15 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-25 10:42 . 2011-12-05 12:55 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-25 10:42 . 2011-12-04 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-25 10:42 . 2011-12-05 12:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-04 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-12-05 12:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-25 10:50 . 2011-12-05 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-25 10:50 . 2011-12-05 00:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-11-11 21:35 . 2011-12-05 00:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-11-11 21:35 . 2011-12-05 14:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-11-11 21:35 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2011-11-11 21:35 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2011-11-11 21:35 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2011-11-11 21:35 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2010-12-25 10:50 . 2011-12-05 00:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-25 10:50 . 2011-12-05 14:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-25 10:50 . 2011-12-05 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-25 10:50 . 2011-12-05 00:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-25 13:18 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-25 13:18 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-25 13:18 . 2011-12-05 14:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-25 13:18 . 2011-12-05 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-12-05 00:39 . 2011-12-05 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-05 14:25 . 2011-12-05 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-12-05 00:39 . 2011-12-05 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-05 14:25 . 2011-12-05 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2011-12-05 14:30 688636 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-12-04 23:22 688636 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-12-05 14:30 128836 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-12-04 23:22 128836 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:12 . 2011-12-05 12:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-12-04 23:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2011-12-05 14:25 403988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-12-05 00:38 403988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-12-05 12:52 . 2011-12-05 12:52 404756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1004-8192.dat
    - 2011-05-08 18:15 . 2011-12-05 00:38 12542260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1005-8192.dat
    + 2011-05-08 18:15 . 2011-12-05 12:52 12542260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3933724382-1039634698-3548269274-1005-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
    "BuzzUpdt.exe"="c:\program files (x86)\Buzzcustom\BuzzUpdt.exe" [2011-07-11 419328]
    "FreeFrogUpdt.exe"="c:\program files (x86)\FreeFrog\FreeFrogUpdt.exe" [2011-08-30 419328]
    "PageUpdt.exe"="c:\program files (x86)\Pagemood\PageUpdt.exe" [2011-07-11 419328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
    .
    c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-24 2320920]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005Core.job
    - c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933724382-1039634698-3548269274-1005UA.job
    - c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
    .
    2011-11-15 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-07-05 18:14]
    .
    2011-06-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
    .
    2011-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-07-29 6470760]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E}: NameServer = 192.168.2.1
    TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E}: NameServer = 192.168.2.1
    TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C}: NameServer = 68.87.71.230,68.87.73.246
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
    FF - Ext: Iminent WebBooster: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - Ext: Window Shopper - Powered by Superfish: [email protected] - c:\programdatamozilla\Extensions\[email protected]
    FF - Ext: MSN Toolbar: [email protected] - c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-IncrediMail_MediaBar_2 Toolbar - c:\program files (x86)\IncrediMail_MediaBar_2\uninstall.exe
    AddRemove-SocialRibbons LP5 - c:\program files (x86)\SocialRibbons LP5\Uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3933724382-1039634698-3548269274-1006\Software\SecuROM\License information*]
    "datasecu"=hex:67,52,22,31,e3,64,40,9c,3d,1b,29,58,57,97,7d,b0,59,90,74,34,91,
    b3,5f,c3,6d,60,c3,23,a6,59,f5,26,b8,33,83,fe,5d,af,f2,78,f3,3f,0f,36,a7,a4,\
    "rkeysecu"=hex:b2,30,b7,0a,8b,0d,24,f7,68,c9,3a,1b,0c,e8,fb,bc
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-05 09:51:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-05 14:51
    ComboFix2.txt 2011-12-05 01:12
    .
    Pre-Run: 311,825,178,624 bytes free
    Post-Run: 311,843,250,176 bytes free
    .
    - - End Of File - - A9D9939C1EE92444FF2A66A3A171DEFA


    C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.AdvPCTweak application
    C:\Program Files (x86)\PlayPickle Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application
    C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
    C:\Qoobox\Quarantine\C\Program Files (x86)\LP\81B8\7A9.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\LP\A738\C6F.exe.vir a variant of Win32/Kryptik.WDN trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\LP\E038\92B.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\ProgramData\vMttfGqwJXmmgo.exe.vir a variant of Win32/Kryptik.WKH trojan
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\iexplore.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\66902\lvvm.exe.vir a variant of Win32/Kryptik.WPP trojan
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\88366\C55A7.exe.vir a variant of Win32/Kryptik.WPP trojan
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\Microsoft\A738\7964.tmp.vir a variant of Win32/Kryptik.VGH trojan
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\Microsoft\A738\C6F.exe.vir a variant of Win32/Kryptik.WPP trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\iexplore.exe.vir a variant of Win32/Kryptik.WDN trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\66902\lvvm.exe.vir a variant of Win32/Kryptik.WPP trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\88366\95B0E.exe.vir a variant of Win32/Kryptik.WDN trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\88366\C55A7.exe.vir a variant of Win32/Kryptik.WDN trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\Microsoft\A738\6104.tmp.vir a variant of Win32/Kryptik.VGH trojan
    C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe.vir a variant of Win32/Kryptik.WPP trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\8327.tmp.vir a variant of Win32/Kryptik.WKS trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\firefox.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\java.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\11B8\F22.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\4198\5A1.exe.vir a variant of Win32/Kryptik.VJK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\61D8\2CF.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\93A8\3FB.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A1C8\343.exe.vir a variant of Win32/Kryptik.VZB trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\88AF.exe.vir a variant of Win32/Kryptik.WKJ trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\C6F.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\A738\E5FA.exe.vir a variant of Win32/Kryptik.WIM trojan
    C:\Qoobox\Quarantine\C\Users\Will Everyday\AppData\Roaming\Microsoft\C1F8\16A.exe.vir Win32/Cycbot.AK trojan
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
    C:\Qoobox\Quarantine\C\Windows\SysWOW64\J3Tl3.com.vir a variant of Win32/Kryptik.VRX trojan
    C:\Users\Will Everyday\AppData\Roaming\66902\lvvm.exe a variant of Win32/Kryptik.WMJ trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\44AC1.exe a variant of Win32/Kryptik.VZB trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\611A1.exe a variant of Win32/Kryptik.VZB trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\95B0E.exe a variant of Win32/Kryptik.WMJ trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\9B061.exe a variant of Win32/Kryptik.VZB trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\AD611.exe a variant of Win32/Kryptik.VZB trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\B6F93.exe a variant of Win32/Kryptik.VZB trojan
    C:\Users\Will Everyday\AppData\Roaming\88366\C55A7.exe a variant of Win32/Kryptik.WMJ trojan
    C:\Users\Will Everyday\AppData\Roaming\Microsoft\81B8\7A9.exe Win32/Cycbot.AK trojan
    C:\Users\Will Everyday\AppData\Roaming\Microsoft\E038\B5C0.tmp a variant of Win32/Kryptik.VGH trojan
    C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.AdvPCTweak application
    C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
    C:\Users\Will Everyday\Downloads\installer-for-directx.exe probably a variant of MSIL/Agent.NGQ trojan
    C:\Users\Will Everyday\Downloads\registryboosterplc.exe Win32/RegistryBooster application
    C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe a variant of Win32/Adware.OpenInstall application
    C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe a variant of Win32/SoftonicDownloader.A application
    C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
I've not seen a system this infected for quite some time. OK, continue:

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------
      :Files
      ipconfig /flushdns /c
      c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8
      c:\users\Will Everyday\AppData\Roaming\66902
      c:\users\Will Everyday\AppData\Roaming\Microsoft\E038
      c:\users\Will Everyday\AppData\Roaming\88366
      c:\program files (x86)\Yontoo Layers Runtime
      c:\program files (x86)\PlayPickle Toolbar
      c:\program files (x86)\AWS
      c:\windows\system32\DRIVERS\Lbd.sys
      c:\users\Admin\AppData\Roaming\Microsoft\A738
      c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8
      c:\users\Will Everyday\AppData\Roaming\Microsoft\4198
      c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8
      c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8
      c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8
      c:\users\Will Everyday\AppData\Roaming\Microsoft\A738
      c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8
      c:\users\will\AppData\Roaming\Microsoft\A738
  c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
      c:\windows\system32\J3Tl3.com
      c:\windows\SysWow64\J3Tl3.com
      C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe
      C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe
      C:\Users\Will Everyday\Downloads\installer-for-directx.exe
      C:\Users\Will Everyday\Downloads\registryboosterplc.exe
      C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe
      C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe
      C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll
      :Reg
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Weather"=-
      :Services
      Lbd
      :Commands
      [EmptyTemp]
      [Reboot]
      [ResetHosts]
      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Let me see those logs and give an update on current issues/concerns.

    Kevin
     
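The ComboFix and ESET logs above, together with the OTM script in the reply just before this, show how a specialist turns a log into a removal list: the drops are random-named executables under AppData, binaries dumped straight into the root of a profile folder, and files borrowing names like iexplore.exe and firefox.exe outside their real install directory. The following Python is an added example written for this page, not code from the thread, from OTM, ComboFix or ESET: it parses ComboFix "Reg Loading Points" values and bare path lines (HijackThis process lists, ESET scan output), applies those three heuristics, skips anything already in ComboFix's C:\Qoobox quarantine, and renders the hits in the :Files / :Reg / :Commands layout OTM takes. The heuristics, function names and the sample log (assembled from paths on this page; the "lvvm" Run value is hypothetical) are assumptions made for the example.

```python
r"""Triage of ComboFix / HijackThis style autorun and process listings.

Heuristics, each matched to a pattern visible in the logs above: random-looking names
(88366\C55A7.exe, Microsoft\A738\C6F.exe) inside user-writable drop zones; a binary dropped
straight into the root of ProgramData, AppData\Roaming or the system profile's AppData\Local;
and a well-known binary name (iexplore.exe, firefox.exe) outside its home directory.
Hits are rendered in the :Files / :Reg / :Commands layout an OTM script uses.
"""
import re
from collections import OrderedDict

# ComboFix "Reg Loading Points":  [HKEY_...\Run]  followed by  "Name"="c:\path\file.exe" [date size]
REG_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Bare path lines: HijackThis "Running processes", ESET / ComboFix file lists (trailing text allowed)
BARE_PATH = re.compile(r'^(?P<path>[a-z]:\\.+?\.(?:exe|dll|com|tmp|sys))(?=\.vir|\s|$)', re.IGNORECASE)

# Locations a standard user, and hence malware running as that user, can write to.
DROP_ZONE = re.compile(
    r'^[a-z]:\\(?:users\\[^\\]+\\appdata\\|programdata\\|'
    r'windows\\(?:system32|syswow64)\\config\\systemprofile\\appdata\\)', re.IGNORECASE)
# A binary sitting directly in the root of such a zone (legitimate installers use a vendor subfolder).
ROOT_DROP = re.compile(
    r'^[a-z]:\\(?:programdata|users\\[^\\]+\\appdata\\roaming|'
    r'windows\\(?:system32|syswow64)\\config\\systemprofile\\appdata\\local)'
    r'\\[^\\]+\.(?:exe|dll|com|tmp)$', re.IGNORECASE)
# All digits, or upper-case hex with at least one digit: 88366, A738, C55A7, 7A9.
RANDOM_NAME = re.compile(r'^(?:\d{4,6}|(?=.*\d)[0-9A-F]{3,5})$')
IMPERSONATED = {"iexplore.exe", "firefox.exe", "java.exe", "svchost.exe", "explorer.exe"}
LEGIT_HOMES = ("\\program files", "\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\explorer.exe")

def stem(component):
    """Strip a known executable extension so 'C55A7.exe' and '7964.tmp' test as names."""
    return re.sub(r'\.(?:exe|dll|com|tmp|sys)$', '', component, flags=re.IGNORECASE)

def assess(path):
    """Return the reasons a path looks like a malware drop; [] means no heuristic fired."""
    p = path.strip()
    low = p.lower()
    parts = p.split("\\")
    reasons = []
    odd = [c for c in parts[-2:] if RANDOM_NAME.match(stem(c))]  # file name or its parent folder
    if odd and DROP_ZONE.match(p):
        reasons.append("random-looking name (%s) in a user-writable path" % ", ".join(odd))
    if ROOT_DROP.match(p):
        reasons.append("binary dropped in the root of a profile folder")
    if parts[-1].lower() in IMPERSONATED and not any(h in low for h in LEGIT_HOMES):
        reasons.append("%s outside its install directory" % parts[-1])
    return reasons

def parse(log_text):
    """Yield (registry_key, value_name, path); key and name are None for bare path lines."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_VALUE.match(line)
        if m:
            yield key, m.group("name"), m.group("path")
            continue
        m = BARE_PATH.match(line)
        # C:\Qoobox\Quarantine is ComboFix's quarantine: already neutralised, so not a target.
        if m and not m.group("path").lower().startswith("c:\\qoobox\\"):
            yield None, None, m.group("path")

def triage(log_text):
    """Return ({path: [reasons]}, [(key, value_name)]) for entries that tripped a heuristic."""
    flagged, run_values = OrderedDict(), []
    for key, name, path in parse(log_text):
        reasons = assess(path)
        if reasons:
            flagged.setdefault(path, reasons)
            if key and name:
                run_values.append((key, name))
    return flagged, run_values

def otm_script(flagged, run_values):
    """Render the hits in OTM's :Files / :Reg / :Commands layout ("Name"=- deletes a value)."""
    lines = [":Files"] + list(flagged)
    by_key = OrderedDict()
    for key, name in run_values:
        by_key.setdefault(key, []).append(name)
    if by_key:
        lines.append(":Reg")
        for key, names in by_key.items():
            lines.append("[%s]" % key)
            lines.extend('"%s"=-' % n for n in names)
    lines += [":Commands", "[EmptyTemp]", "[Reboot]"]
    return "\n".join(lines)

# Constructed sample: paths taken from the logs on this page; the "lvvm" Run value is hypothetical.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"lvvm"="c:\users\will\AppData\Roaming\66902\lvvm.exe" [2011-11-30 419328]
C:\Users\will\AppData\Roaming\88366\C55A7.exe
C:\Users\will\AppData\Roaming\Microsoft\A738\C6F.exe
C:\Users\Will Everyday\AppData\Roaming\firefox.exe Win32/Cycbot.AK trojan
C:\ProgramData\vMttfGqwJXmmgo.exe a variant of Win32/Kryptik.WKH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan
c:\users\Will Everyday\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-02 14:47]
C:\Qoobox\Quarantine\C\Users\will\AppData\Roaming\iexplore.exe.vir a variant of Win32/Kryptik.WDN trojan
"""

if __name__ == "__main__":
    hits, values = triage(SAMPLE_LOG)
    for path, why in hits.items():
        print("%s\n    %s" % (path, "; ".join(why)))
    print(otm_script(hits, values))
```

Run it as-is to see the sample result, or feed a pasted log to triage(). Treat the output as a starting point for a human to review, not a list to delete blind: the three rules deliberately ignore anything under Program Files, so the adware in these logs (WeatherBug, Yontoo, PlayPickle) passes, and so do J3Tl3.com in SysWOW64 and the Sirefef consrv.dll in System32. That gap is why a specialist reads the whole log rather than trusting a filter, and why the reply above also removes a driver, a Run value and the hosts file rather than files alone.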
  10. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Kevin:

    I feared it was a big mess. That is what happens when you have a 12 year old who loves to play Minecraft, go on Steam and visit programming chat sites! Despite all the warnings and explanations of what not to do, he still seems to get into trouble. We so appreciate all your help!

    Here are the latest logs:
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Admin\Desktop\cmd.bat deleted successfully.
    C:\Users\Admin\Desktop\cmd.txt deleted successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\81B8 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\66902 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\E038 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\88366 folder moved successfully.
    c:\program files (x86)\Yontoo Layers Runtime folder moved successfully.
    c:\program files (x86)\PlayPickle Toolbar\Resources\skin folder moved successfully.
    c:\program files (x86)\PlayPickle Toolbar\Resources\images folder moved successfully.
    c:\program files (x86)\PlayPickle Toolbar\Resources folder moved successfully.
    c:\program files (x86)\PlayPickle Toolbar folder moved successfully.
    c:\program files (x86)\AWS\WeatherBug\Local folder moved successfully.
    c:\program files (x86)\AWS\WeatherBug folder moved successfully.
    c:\program files (x86)\AWS folder moved successfully.
    File/Folder c:\windows\system32\DRIVERS\Lbd.sys not found.
    c:\users\Admin\AppData\Roaming\Microsoft\A738 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\11B8 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\4198 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\61D8 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\93A8 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A1C8 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\A738 folder moved successfully.
    c:\users\Will Everyday\AppData\Roaming\Microsoft\C1F8 folder moved successfully.
    c:\users\will\AppData\Roaming\Microsoft\A738 folder moved successfully.
    DllUnregisterServer procedure not found in c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
    c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll moved successfully.
    File/Folder c:\windows\system32\J3Tl3.com not found.
    File/Folder c:\windows\SysWow64\J3Tl3.com not found.
    C:\Users\Will Everyday\Downloads\AdvancedPCTweaker_Setup.exe moved successfully.
    C:\Users\Will Everyday\Downloads\GamesMovies_SB1.exe moved successfully.
    C:\Users\Will Everyday\Downloads\installer-for-directx.exe moved successfully.
    C:\Users\Will Everyday\Downloads\registryboosterplc.exe moved successfully.
    C:\Users\Will Everyday\Downloads\setup_PlayPickle_v1.exe moved successfully.
    C:\Users\Will Everyday\Downloads\SoftonicDownloader_for_call-of-duty-4.exe moved successfully.
    File/Folder C:\Windows\System32\config\systemprofile\AppData\Local\klartew.dll not found.
    File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll not found.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
    ========== SERVICES/DRIVERS ==========
    Service Lbd stopped successfully!
    Service Lbd deleted successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 367536 bytes
    ->Temporary Internet Files folder emptied: 30509108 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5498707 bytes
    ->Flash cache emptied: 43965 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 871 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: swl3001

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: will
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 47724545 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43243020 bytes
    ->Flash cache emptied: 51915 bytes

    User: Will Everyday
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 328041 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 221282644 bytes
    ->Google Chrome cache emptied: 141522478 bytes
    ->Flash cache emptied: 188812 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 6544896 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 474.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.19.0 log created on 12052011_151121

    Files moved on Reboot...
    C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    15:17:21.0908 5328 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    15:17:22.0018 5328 ============================================================
    15:17:22.0018 5328 Current date / time: 2011/12/05 15:17:22.0018
    15:17:22.0018 5328 SystemInfo:
    15:17:22.0018 5328
    15:17:22.0018 5328 OS Version: 6.1.7601 ServicePack: 1.0
    15:17:22.0018 5328 Product type: Workstation
    15:17:22.0018 5328 ComputerName: SWL3001-PC
    15:17:22.0018 5328 UserName: Admin
    15:17:22.0018 5328 Windows directory: C:\Windows
    15:17:22.0018 5328 System windows directory: C:\Windows
    15:17:22.0018 5328 Running under WOW64
    15:17:22.0018 5328 Processor architecture: Intel x64
    15:17:22.0018 5328 Number of processors: 4
    15:17:22.0018 5328 Page size: 0x1000
    15:17:22.0018 5328 Boot type: Normal boot
    15:17:22.0018 5328 ============================================================
    15:17:22.0439 5328 Initialize success
    15:18:10.0284 5532 ============================================================
    15:18:10.0284 5532 Scan started
    15:18:10.0284 5532 Mode: Manual; SigCheck; TDLFS;
    15:18:10.0284 5532 ============================================================
    15:18:10.0846 5532 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:18:10.0971 5532 1394ohci - ok
    15:18:11.0064 5532 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
    15:18:11.0095 5532 Acceler - ok
    15:18:11.0158 5532 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:18:11.0189 5532 ACPI - ok
    15:18:11.0236 5532 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:18:11.0329 5532 AcpiPmi - ok
    15:18:11.0423 5532 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:18:11.0439 5532 adp94xx - ok
    15:18:11.0454 5532 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:18:11.0470 5532 adpahci - ok
    15:18:11.0501 5532 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:18:11.0501 5532 adpu320 - ok
    15:18:11.0595 5532 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    15:18:11.0657 5532 AFD - ok
    15:18:11.0688 5532 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:18:11.0704 5532 agp440 - ok
    15:18:11.0735 5532 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:18:11.0735 5532 aliide - ok
    15:18:11.0751 5532 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:18:11.0766 5532 amdide - ok
    15:18:11.0813 5532 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:18:11.0860 5532 AmdK8 - ok
    15:18:11.0891 5532 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:18:11.0938 5532 AmdPPM - ok
    15:18:11.0985 5532 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    15:18:12.0016 5532 amdsata - ok
    15:18:12.0031 5532 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:18:12.0063 5532 amdsbs - ok
    15:18:12.0094 5532 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    15:18:12.0109 5532 amdxata - ok
    15:18:12.0156 5532 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:18:12.0359 5532 AppID - ok
    15:18:12.0453 5532 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:18:12.0468 5532 arc - ok
    15:18:12.0499 5532 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:18:12.0531 5532 arcsas - ok
    15:18:12.0609 5532 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:18:12.0796 5532 AsyncMac - ok
    15:18:12.0843 5532 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    15:18:12.0858 5532 atapi - ok
    15:18:12.0921 5532 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:18:12.0983 5532 b06bdrv - ok
    15:18:13.0045 5532 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:18:13.0123 5532 b57nd60a - ok
    15:18:13.0170 5532 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:18:13.0264 5532 Beep - ok
    15:18:13.0326 5532 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:18:13.0357 5532 blbdrive - ok
    15:18:13.0451 5532 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    15:18:13.0498 5532 bowser - ok
    15:18:13.0545 5532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:18:13.0576 5532 BrFiltLo - ok
    15:18:13.0607 5532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:18:13.0638 5532 BrFiltUp - ok
    15:18:13.0669 5532 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:18:13.0763 5532 Bridge - ok
    15:18:13.0794 5532 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:18:13.0872 5532 BridgeMP - ok
    15:18:13.0903 5532 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:18:13.0981 5532 Brserid - ok
    15:18:13.0997 5532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:18:14.0044 5532 BrSerWdm - ok
    15:18:14.0075 5532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:18:14.0122 5532 BrUsbMdm - ok
    15:18:14.0137 5532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:18:14.0184 5532 BrUsbSer - ok
    15:18:14.0215 5532 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:18:14.0247 5532 BTHMODEM - ok
    15:18:14.0371 5532 catchme - ok
    15:18:14.0403 5532 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:18:14.0481 5532 cdfs - ok
    15:18:14.0527 5532 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    15:18:14.0574 5532 cdrom - ok
    15:18:14.0621 5532 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:18:14.0652 5532 circlass - ok
    15:18:14.0683 5532 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:18:14.0715 5532 CLFS - ok
    15:18:14.0761 5532 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:18:14.0793 5532 CmBatt - ok
    15:18:14.0824 5532 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    15:18:14.0839 5532 cmdide - ok
    15:18:14.0886 5532 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    15:18:14.0917 5532 CNG - ok
    15:18:14.0949 5532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    15:18:14.0949 5532 Compbatt - ok
    15:18:14.0995 5532 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    15:18:15.0042 5532 CompositeBus - ok
    15:18:15.0089 5532 connctfy (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
    15:18:15.0105 5532 connctfy - ok
    15:18:15.0120 5532 connctfyMP (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
    15:18:15.0136 5532 connctfyMP - ok
    15:18:15.0167 5532 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    15:18:15.0183 5532 crcdisk - ok
    15:18:15.0229 5532 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    15:18:15.0292 5532 CtClsFlt - ok
    15:18:15.0339 5532 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    15:18:15.0417 5532 DfsC - ok
    15:18:15.0432 5532 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    15:18:15.0510 5532 discache - ok
    15:18:15.0557 5532 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    15:18:15.0573 5532 Disk - ok
    15:18:15.0651 5532 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    15:18:15.0697 5532 drmkaud - ok
    15:18:15.0744 5532 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    15:18:15.0791 5532 DXGKrnl - ok
    15:18:15.0807 5532 EagleX64 - ok
    15:18:15.0900 5532 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    15:18:16.0025 5532 ebdrv - ok
    15:18:16.0072 5532 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    15:18:16.0103 5532 elxstor - ok
    15:18:16.0150 5532 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    15:18:16.0197 5532 ErrDev - ok
    15:18:16.0243 5532 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    15:18:16.0321 5532 exfat - ok
    15:18:16.0337 5532 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    15:18:16.0384 5532 fastfat - ok
    15:18:16.0399 5532 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    15:18:16.0446 5532 fdc - ok
    15:18:16.0493 5532 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    15:18:16.0509 5532 FileInfo - ok
    15:18:16.0540 5532 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    15:18:16.0618 5532 Filetrace - ok
    15:18:16.0633 5532 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:18:16.0633 5532 flpydisk - ok
    15:18:16.0680 5532 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    15:18:16.0696 5532 FltMgr - ok
    15:18:16.0711 5532 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    15:18:16.0727 5532 FsDepends - ok
    15:18:16.0758 5532 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    15:18:16.0774 5532 Fs_Rec - ok
    15:18:16.0821 5532 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    15:18:16.0852 5532 fvevol - ok
    15:18:16.0883 5532 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:18:16.0914 5532 gagp30kx - ok
    15:18:16.0961 5532 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:18:16.0977 5532 GEARAspiWDM - ok
    15:18:17.0023 5532 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    15:18:17.0039 5532 hamachi - ok
    15:18:17.0055 5532 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    15:18:17.0101 5532 hcw85cir - ok
    15:18:17.0148 5532 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    15:18:17.0179 5532 HDAudBus - ok
    15:18:17.0226 5532 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    15:18:17.0242 5532 HECIx64 - ok
    15:18:17.0257 5532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    15:18:17.0289 5532 HidBatt - ok
    15:18:17.0304 5532 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    15:18:17.0367 5532 HidBth - ok
    15:18:17.0367 5532 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    15:18:17.0413 5532 HidIr - ok
    15:18:17.0429 5532 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    15:18:17.0476 5532 HidUsb - ok
    15:18:17.0523 5532 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    15:18:17.0538 5532 HpSAMD - ok
    15:18:17.0585 5532 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    15:18:17.0694 5532 HTTP - ok
    15:18:17.0725 5532 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    15:18:17.0741 5532 hwpolicy - ok
    15:18:17.0772 5532 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    15:18:17.0803 5532 i8042prt - ok
    15:18:17.0850 5532 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    15:18:17.0881 5532 iaStor - ok
    15:18:17.0897 5532 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    15:18:17.0928 5532 iaStorV - ok
    15:18:18.0193 5532 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
    15:18:18.0521 5532 igfx - ok
    15:18:18.0568 5532 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    15:18:18.0583 5532 iirsp - ok
    15:18:18.0615 5532 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    15:18:18.0677 5532 Impcd - ok
    15:18:18.0739 5532 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
    15:18:18.0802 5532 IntcAzAudAddService - ok
    15:18:18.0833 5532 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
    15:18:18.0864 5532 IntcDAud - ok
    15:18:18.0880 5532 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    15:18:18.0895 5532 intelide - ok
    15:18:18.0942 5532 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    15:18:18.0989 5532 intelppm - ok
    15:18:19.0036 5532 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:18:19.0114 5532 IpFilterDriver - ok
    15:18:19.0145 5532 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    15:18:19.0161 5532 IPMIDRV - ok
    15:18:19.0176 5532 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    15:18:19.0270 5532 IPNAT - ok
    15:18:19.0332 5532 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    15:18:19.0426 5532 IRENUM - ok
    15:18:19.0473 5532 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    15:18:19.0488 5532 isapnp - ok
    15:18:19.0504 5532 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    15:18:19.0535 5532 iScsiPrt - ok
    15:18:19.0582 5532 JMCR (baec3cb3627ce439a8ff2ddcee39da54) C:\Windows\system32\DRIVERS\jmcr.sys
    15:18:19.0597 5532 JMCR - ok
    15:18:19.0613 5532 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    15:18:19.0629 5532 kbdclass - ok
    15:18:19.0660 5532 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    15:18:19.0691 5532 kbdhid - ok
    15:18:19.0722 5532 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    15:18:19.0738 5532 KSecDD - ok
    15:18:19.0769 5532 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    15:18:19.0785 5532 KSecPkg - ok
    15:18:19.0816 5532 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    15:18:19.0909 5532 ksthunk - ok
    15:18:19.0956 5532 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    15:18:20.0034 5532 lltdio - ok
    15:18:20.0097 5532 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:18:20.0112 5532 LSI_FC - ok
    15:18:20.0128 5532 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:18:20.0143 5532 LSI_SAS - ok
    15:18:20.0159 5532 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:18:20.0175 5532 LSI_SAS2 - ok
    15:18:20.0190 5532 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:18:20.0206 5532 LSI_SCSI - ok
    15:18:20.0221 5532 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    15:18:20.0284 5532 luafv - ok
    15:18:20.0299 5532 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    15:18:20.0299 5532 megasas - ok
    15:18:20.0331 5532 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    15:18:20.0346 5532 MegaSR - ok
    15:18:20.0362 5532 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    15:18:20.0424 5532 Modem - ok
    15:18:20.0440 5532 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    15:18:20.0487 5532 monitor - ok
    15:18:20.0518 5532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    15:18:20.0533 5532 mouclass - ok
    15:18:20.0580 5532 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    15:18:20.0611 5532 mouhid - ok
    15:18:20.0658 5532 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    15:18:20.0674 5532 mountmgr - ok
    15:18:20.0721 5532 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    15:18:20.0736 5532 mpio - ok
    15:18:20.0752 5532 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    15:18:20.0845 5532 mpsdrv - ok
    15:18:20.0861 5532 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    15:18:20.0892 5532 MRxDAV - ok
    15:18:20.0939 5532 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:18:21.0001 5532 mrxsmb - ok
    15:18:21.0033 5532 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:18:21.0079 5532 mrxsmb10 - ok
    15:18:21.0111 5532 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:18:21.0126 5532 mrxsmb20 - ok
    15:18:21.0142 5532 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    15:18:21.0173 5532 msahci - ok
    15:18:21.0204 5532 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    15:18:21.0235 5532 msdsm - ok
    15:18:21.0251 5532 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    15:18:21.0329 5532 Msfs - ok
    15:18:21.0376 5532 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    15:18:21.0407 5532 mshidkmdf - ok
    15:18:21.0407 5532 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    15:18:21.0423 5532 msisadrv - ok
    15:18:21.0469 5532 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    15:18:21.0532 5532 MSKSSRV - ok
    15:18:21.0579 5532 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:18:21.0657 5532 MSPCLOCK - ok
    15:18:21.0657 5532 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    15:18:21.0719 5532 MSPQM - ok
    15:18:21.0750 5532 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    15:18:21.0766 5532 MsRPC - ok
    15:18:21.0797 5532 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    15:18:21.0797 5532 mssmbios - ok
    15:18:21.0813 5532 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    15:18:21.0891 5532 MSTEE - ok
    15:18:21.0922 5532 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    15:18:21.0953 5532 MTConfig - ok
    15:18:21.0984 5532 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    15:18:22.0000 5532 Mup - ok
    15:18:22.0062 5532 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    15:18:22.0109 5532 NativeWifiP - ok
    15:18:22.0187 5532 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    15:18:22.0234 5532 NDIS - ok
    15:18:22.0265 5532 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    15:18:22.0359 5532 NdisCap - ok
    15:18:22.0390 5532 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:18:22.0452 5532 NdisTapi - ok
    15:18:22.0468 5532 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:18:22.0530 5532 Ndisuio - ok
    15:18:22.0561 5532 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:18:22.0624 5532 NdisWan - ok
    15:18:22.0671 5532 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    15:18:22.0733 5532 NDProxy - ok
    15:18:22.0764 5532 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    15:18:22.0795 5532 NetBIOS - ok
    15:18:22.0842 5532 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    15:18:22.0920 5532 NetBT - ok
    15:18:23.0139 5532 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
    15:18:23.0451 5532 NETwNs64 - ok
    15:18:23.0482 5532 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    15:18:23.0513 5532 nfrd960 - ok
    15:18:23.0544 5532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    15:18:23.0622 5532 Npfs - ok
    15:18:23.0653 5532 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    15:18:23.0716 5532 nsiproxy - ok
    15:18:23.0794 5532 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    15:18:23.0872 5532 Ntfs - ok
    15:18:23.0887 5532 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    15:18:23.0919 5532 Null - ok
    15:18:24.0184 5532 nvlddmkm (011f0596d167d073e6813ae88e7947a9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    15:18:24.0371 5532 nvlddmkm - ok
    15:18:24.0387 5532 nvpciflt (2bcc53e4ba1acc9b63595c4ae7361ad3) C:\Windows\system32\DRIVERS\nvpciflt.sys
    15:18:24.0387 5532 nvpciflt - ok
    15:18:24.0433 5532 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    15:18:24.0449 5532 nvraid - ok
    15:18:24.0496 5532 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    15:18:24.0511 5532 nvstor - ok
    15:18:24.0558 5532 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    15:18:24.0589 5532 nv_agp - ok
    15:18:24.0621 5532 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    15:18:24.0667 5532 ohci1394 - ok
    15:18:24.0745 5532 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    15:18:24.0777 5532 Parport - ok
    15:18:24.0808 5532 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    15:18:24.0823 5532 partmgr - ok
    15:18:24.0855 5532 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    15:18:24.0870 5532 pci - ok
    15:18:24.0886 5532 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    15:18:24.0901 5532 pciide - ok
    15:18:24.0933 5532 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:18:24.0948 5532 pcmcia - ok
    15:18:24.0964 5532 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    15:18:24.0979 5532 pcw - ok
    15:18:25.0011 5532 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    15:18:25.0120 5532 PEAUTH - ok
    15:18:25.0198 5532 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    15:18:25.0276 5532 PptpMiniport - ok
    15:18:25.0291 5532 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    15:18:25.0307 5532 Processor - ok
    15:18:25.0354 5532 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    15:18:25.0432 5532 Psched - ok
    15:18:25.0463 5532 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    15:18:25.0463 5532 PxHlpa64 - ok
    15:18:25.0494 5532 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
    15:18:25.0510 5532 qicflt - ok
    15:18:25.0541 5532 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    15:18:25.0588 5532 ql2300 - ok
    15:18:25.0603 5532 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    15:18:25.0619 5532 ql40xx - ok
    15:18:25.0635 5532 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    15:18:25.0666 5532 QWAVEdrv - ok
    15:18:25.0681 5532 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    15:18:25.0713 5532 RasAcd - ok
    15:18:25.0759 5532 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:18:25.0791 5532 RasAgileVpn - ok
    15:18:25.0822 5532 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:18:25.0884 5532 Rasl2tp - ok
    15:18:25.0915 5532 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:18:25.0962 5532 RasPppoe - ok
    15:18:26.0009 5532 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    15:18:26.0071 5532 RasSstp - ok
    15:18:26.0118 5532 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    15:18:26.0181 5532 rdbss - ok
    15:18:26.0212 5532 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    15:18:26.0243 5532 rdpbus - ok
    15:18:26.0259 5532 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:18:26.0337 5532 RDPCDD - ok
    15:18:26.0368 5532 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    15:18:26.0415 5532 RDPENCDD - ok
    15:18:26.0446 5532 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    15:18:26.0508 5532 RDPREFMP - ok
    15:18:26.0555 5532 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    15:18:26.0617 5532 RDPWD - ok
    15:18:26.0664 5532 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    15:18:26.0680 5532 rdyboost - ok
    15:18:26.0727 5532 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
    15:18:26.0789 5532 RMCAST - ok
    15:18:26.0836 5532 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    15:18:26.0867 5532 rspndr - ok
    15:18:26.0883 5532 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
    15:18:26.0898 5532 RTL8167 - ok
    15:18:26.0929 5532 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    15:18:26.0945 5532 sbp2port - ok
    15:18:26.0976 5532 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    15:18:27.0054 5532 scfilter - ok
    15:18:27.0101 5532 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    15:18:27.0132 5532 sdbus - ok
    15:18:27.0148 5532 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    15:18:27.0241 5532 secdrv - ok
    15:18:27.0257 5532 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    15:18:27.0273 5532 Serenum - ok
    15:18:27.0288 5532 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    15:18:27.0319 5532 Serial - ok
    15:18:27.0351 5532 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    15:18:27.0366 5532 sermouse - ok
    15:18:27.0397 5532 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    15:18:27.0429 5532 sffdisk - ok
    15:18:27.0444 5532 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    15:18:27.0475 5532 sffp_mmc - ok
    15:18:27.0491 5532 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    15:18:27.0522 5532 sffp_sd - ok
    15:18:27.0538 5532 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    15:18:27.0569 5532 sfloppy - ok
    15:18:27.0600 5532 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:18:27.0616 5532 SiSRaid2 - ok
    15:18:27.0631 5532 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    15:18:27.0647 5532 SiSRaid4 - ok
    15:18:27.0663 5532 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    15:18:27.0725 5532 Smb - ok
    15:18:27.0756 5532 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    15:18:27.0756 5532 spldr - ok
    15:18:27.0819 5532 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    15:18:27.0834 5532 srv - ok
    15:18:27.0865 5532 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    15:18:27.0897 5532 srv2 - ok
    15:18:27.0928 5532 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    15:18:27.0959 5532 srvnet - ok
    15:18:28.0006 5532 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    15:18:28.0021 5532 stdcfltn - ok
    15:18:28.0068 5532 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    15:18:28.0084 5532 stexstor - ok
    15:18:28.0115 5532 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    15:18:28.0131 5532 swenum - ok
    15:18:28.0209 5532 SynTP (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
    15:18:28.0255 5532 SynTP - ok
    15:18:28.0333 5532 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    15:18:28.0443 5532 Tcpip - ok
    15:18:28.0474 5532 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    15:18:28.0505 5532 TCPIP6 - ok
    15:18:28.0552 5532 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    15:18:28.0630 5532 tcpipreg - ok
    15:18:28.0661 5532 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:18:28.0739 5532 TDPIPE - ok
    15:18:28.0755 5532 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    15:18:28.0817 5532 TDTCP - ok
    15:18:28.0848 5532 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    15:18:28.0926 5532 tdx - ok
    15:18:28.0942 5532 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    15:18:28.0942 5532 TermDD - ok
    15:18:28.0989 5532 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:18:29.0067 5532 tssecsrv - ok
    15:18:29.0113 5532 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    15:18:29.0145 5532 TsUsbFlt - ok
    15:18:29.0191 5532 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    15:18:29.0269 5532 tunnel - ok
    15:18:29.0332 5532 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
    15:18:29.0347 5532 TurboB - ok
    15:18:29.0363 5532 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:18:29.0394 5532 uagp35 - ok
    15:18:29.0425 5532 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    15:18:29.0503 5532 udfs - ok
    15:18:29.0550 5532 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    15:18:29.0566 5532 uliagpkx - ok
    15:18:29.0581 5532 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    15:18:29.0628 5532 umbus - ok
    15:18:29.0644 5532 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:18:29.0675 5532 UmPass - ok
    15:18:29.0737 5532 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    15:18:29.0784 5532 USBAAPL64 - ok
    15:18:29.0800 5532 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:18:29.0831 5532 usbccgp - ok
    15:18:29.0878 5532 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    15:18:29.0909 5532 usbcir - ok
    15:18:29.0940 5532 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    15:18:29.0971 5532 usbehci - ok
    15:18:29.0987 5532 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    15:18:30.0018 5532 usbhub - ok
    15:18:30.0049 5532 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    15:18:30.0065 5532 usbohci - ok
    15:18:30.0081 5532 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:18:30.0112 5532 usbprint - ok
    15:18:30.0127 5532 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:18:30.0174 5532 USBSTOR - ok
    15:18:30.0190 5532 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    15:18:30.0237 5532 usbuhci - ok
    15:18:30.0283 5532 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    15:18:30.0315 5532 usbvideo - ok
    15:18:30.0330 5532 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    15:18:30.0346 5532 vdrvroot - ok
    15:18:30.0361 5532 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:18:30.0393 5532 vga - ok
    15:18:30.0408 5532 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:18:30.0486 5532 VgaSave - ok
    15:18:30.0517 5532 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    15:18:30.0533 5532 vhdmp - ok
    15:18:30.0549 5532 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    15:18:30.0564 5532 viaide - ok
    15:18:30.0580 5532 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    15:18:30.0595 5532 volmgr - ok
    15:18:30.0642 5532 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    15:18:30.0673 5532 volmgrx - ok
    15:18:30.0689 5532 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    15:18:30.0705 5532 volsnap - ok
    15:18:30.0767 5532 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:18:30.0783 5532 vsmraid - ok
    15:18:30.0798 5532 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    15:18:30.0845 5532 vwifibus - ok
    15:18:30.0876 5532 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    15:18:30.0923 5532 vwififlt - ok
    15:18:30.0970 5532 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    15:18:31.0001 5532 vwifimp - ok
    15:18:31.0017 5532 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:18:31.0063 5532 WacomPen - ok
    15:18:31.0095 5532 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:18:31.0173 5532 WANARP - ok
    15:18:31.0173 5532 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:18:31.0219 5532 Wanarpv6 - ok
    15:18:31.0235 5532 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:18:31.0235 5532 Wd - ok
    15:18:31.0266 5532 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:18:31.0297 5532 Wdf01000 - ok
    15:18:31.0344 5532 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:18:31.0391 5532 WfpLwf - ok
    15:18:31.0407 5532 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    15:18:31.0438 5532 WimFltr - ok
    15:18:31.0453 5532 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:18:31.0469 5532 WIMMount - ok
    15:18:31.0531 5532 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    15:18:31.0578 5532 WmiAcpi - ok
    15:18:31.0625 5532 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:18:31.0719 5532 ws2ifsl - ok
    15:18:31.0765 5532 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    15:18:31.0828 5532 WudfPf - ok
    15:18:31.0859 5532 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:18:31.0937 5532 WUDFRd - ok
    15:18:31.0984 5532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    15:18:32.0015 5532 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    15:18:32.0015 5532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    15:18:32.0093 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    15:18:32.0093 5532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    15:18:32.0124 5532 Boot (0x1200) (5d2309bc4f6a1c1491111ee13314adc4) \Device\Harddisk0\DR0\Partition0
    15:18:32.0124 5532 \Device\Harddisk0\DR0\Partition0 - ok
    15:18:32.0140 5532 Boot (0x1200) (a4e9b68a63f025b529cf5dadce5e18db) \Device\Harddisk0\DR0\Partition1
    15:18:32.0140 5532 \Device\Harddisk0\DR0\Partition1 - ok
    15:18:32.0140 5532 ============================================================
    15:18:32.0140 5532 Scan finished
    15:18:32.0140 5532 ============================================================
    15:18:32.0155 6628 Detected object count: 2
    15:18:32.0155 6628 Actual detected object count: 2
    15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    15:19:41.0404 6628 \Device\Harddisk0\DR0 - ok
    15:19:41.0404 6628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    15:19:41.0404 6628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    15:20:26.0878 6220 Deinitialize success
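Reading a TDSSKiller log by eye is error-prone once it runs to several thousand lines. The short script below is an added example, not code from the thread or from Kaspersky's tool: it pulls out the lines that name a threat on an object, records the verdict and the action the user chose, and lists detections that were not cured. The sample input is a constructed excerpt in the same format as the log above; the regular expression for the line layout is my reading of that format.

```python
import re
from collections import OrderedDict

# Constructed sample in the TDSSKiller log format seen in this thread
# (timestamp, thread id, object, threat name, verdict / action).
SAMPLE_LOG = """\
15:18:31.0984 5532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
15:18:32.0015 5532 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - infected
15:18:32.0015 5532 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.SST.b (0)
15:18:32.0093 5532 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
15:18:32.0093 5532 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
15:18:32.0140 5532 \\Device\\Harddisk0\\DR0\\Partition0 - ok
15:19:41.0404 6628 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:19:41.0404 6628 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:19:41.0404 6628 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
15:19:41.0404 6628 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Lines that carry a verdict or an action for a named threat on an object
# (assumed layout: "<ts> <tid> <object> ( <threat> ) - <message>").
DETECTION_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>\\\S+) \( (?P<name>[^)]+) \) - (?P<msg>.+)$"
)

VERDICTS = ("infected", "warning", "suspicious")


def summarize_detections(log_text):
    """Map (object, threat) -> {verdict, action, pending_reboot} from a TDSSKiller log."""
    results = OrderedDict()
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue  # driver listing, "- ok", "- detected ..." summary lines etc.
        entry = results.setdefault(
            (m["obj"], m["name"]),
            {"verdict": None, "action": None, "pending_reboot": False},
        )
        msg = m["msg"]
        if msg in VERDICTS:
            entry["verdict"] = msg
        elif msg.startswith("User select action:"):
            entry["action"] = msg.split(":", 1)[1].strip()
        elif msg == "skipped by user":
            entry["action"] = "Skip"
        elif "cured on reboot" in msg:
            entry["pending_reboot"] = True
    return results


def unresolved(results):
    """Detections the user did not choose to cure: these need the reviewer's follow-up."""
    return [key for key, v in results.items() if v["action"] != "Cure"]


if __name__ == "__main__":
    found = summarize_detections(SAMPLE_LOG)
    for (obj, name), v in found.items():
        print(f"{obj}  {name:<20} verdict={v['verdict']} action={v['action']} "
              f"reboot={v['pending_reboot']}")
    print("unresolved:", unresolved(found))
```

On the excerpt above this reports the boot-sector detection as cured pending reboot and the "TDSS File System" warning as skipped, which is exactly the item the helper would want to revisit after the next scan.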
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, run this please,

    Download aswMBR from Here
    If it asks to update during the process please allow this to happen.

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop.

    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Also give update on current issues...

    Kevin
     
  12. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Have not noticed any other issues yet but have not spent a lot of time experimenting yet. Latest logs:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-05 16:34:46
    -----------------------------
    16:34:46.683 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:34:46.683 Number of processors: 4 586 0x2505
    16:34:46.683 ComputerName: SWL3001-PC UserName: Admin
    16:34:48.259 Initialize success
    16:36:39.114 AVAST engine defs: 11120501
    16:36:57.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:36:57.195 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    16:36:57.195 Disk 0 MBR read successfully
    16:36:57.210 Disk 0 MBR scan
    16:36:57.210 Disk 0 Windows VISTA default MBR code
    16:36:57.210 Service scanning
    16:36:58.256 Modules scanning
    16:36:58.256 Disk 0 trace - called modules:
    16:36:58.256 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    16:36:58.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f14060]
    16:36:58.271 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004dcbaf0]
    16:36:58.271 5 stdcfltn.sys[fffff88001b2ec52] -> nt!IofCallDriver -> [0xfffffa8004c20d10]
    16:36:58.287 7 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c23050]
    16:37:00.237 AVAST engine scan C:\Windows
    16:37:03.388 AVAST engine scan C:\Windows\system32
    16:38:38.080 AVAST engine scan C:\Windows\system32\drivers
    16:38:48.111 AVAST engine scan C:\Users\Admin
    16:39:40.574 AVAST engine scan C:\ProgramData
    16:40:59.104 Scan finished successfully
    16:43:24.169 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
    16:43:24.185 The log file has been saved successfully to "C:\Users\Admin\Desktop\ASWscan.txt"
     

    Attached Files:

    • MBR.zip
      File size:
      569 bytes
      Views:
      2
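Both tools in this thread inspect the same 512 bytes: TDSSKiller prints an "MBR (0x1B8)" digest for \Device\Harddisk0\DR0, and aswMBR reads the MBR, reports whether the boot code matches a stock Windows loader, and dumps the sector to MBR.dat. The script below is an added example, not code from either tool or from the thread. It parses an MBR image, hashes the bootstrap code, enumerates the partition table and compares a fresh dump against a trusted earlier one, which is the check you want after a "cured on reboot" result. Assumptions: the 32-hex digests in TDSSKiller's log are MD5 and the MBR line covers the first 0x1B8 bytes (the bootstrap code before the disk signature); the two MBR images are constructed in the script and are not dumps of the poster's disk; the patched bytes in the tampered copy are illustrative, not a real bootkit's code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bootstrap code: bytes 0x000-0x1B7 (assumed scope of TDSSKiller's MBR hash)
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA
PART_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a 512-byte MBR image. Constructed test data, not a dump of any real disk.
    partitions: list of up to four (active, type, lba_start, sector_count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 0x1B8 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", lba, count)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(data):
    """Hash the bootstrap code, read the disk signature and enumerate used partition slots."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:           # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "signature_ok": data[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "partitions": parts,
    }


def compare_mbr(baseline, current):
    """Findings when a fresh dump differs from a trusted earlier one (e.g. a saved MBR.dat)."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if b["boot_code_md5"] != c["boot_code_md5"]:
        findings.append("bootstrap code changed: %s -> %s" % (b["boot_code_md5"], c["boot_code_md5"]))
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in c["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


# Constructed images: a clean MBR and the same MBR with its boot code patched,
# which is the footprint a bootkit that hijacks the first-stage loader leaves
# while keeping the partition table intact.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb",
                      [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976000000)])


def tamper_boot_code(mbr):
    patched = bytearray(mbr)
    patched[0:5] = b"\xea\x00\x7e\x00\x00"   # illustrative far jump, not real bootkit code
    return bytes(patched)


TAMPERED_MBR = tamper_boot_code(CLEAN_MBR)

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    print("clean vs clean:   ", compare_mbr(CLEAN_MBR, CLEAN_MBR))
    print("clean vs tampered:", compare_mbr(CLEAN_MBR, TAMPERED_MBR))
```

To use it on the dump aswMBR wrote, read MBR.dat in binary mode and pass the bytes to parse_mbr; keep a copy from a scan you trust and feed both to compare_mbr after each reboot. Note that the digest from the TDSSKiller log above belongs to the sector that was flagged as infected, so it must not be used as the baseline.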
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    We've definitely made significant progress, logs look good. Run DDS again, let's see what that shows...

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Let me see the two logs in next reply...

    Kevin
     
  14. rabbit12

    rabbit12 Thread Starter

    Joined:
    May 22, 2004
    Messages:
    54
    Sorry for the delay. Had to make dinner...

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by Admin at 18:02:45 on 2011-12-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1886 [GMT -5:00]
    .
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Connectify\Connectifyd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k ipripsvc
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Connectify\Connectify.exe
    C:\Program Files (x86)\Buzzcustom\BuzzUpdt.exe
    C:\Program Files (x86)\FreeFrog\FreeFrogUpdt.exe
    C:\Program Files (x86)\Pagemood\PageUpdt.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Users\Admin\Desktop\aswMBR.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/
    mURLSearchHooks: H - No File
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB: {00000000-0000-0000-0000-000000000000} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
    uRun: [BuzzUpdt.exe] C:\Program Files (x86)\Buzzcustom\BuzzUpdt.exe
    uRun: [FreeFrogUpdt.exe] C:\Program Files (x86)\FreeFrog\FreeFrogUpdt.exe
    uRun: [PageUpdt.exe] C:\Program Files (x86)\Pagemood\PageUpdt.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\059636F6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6563647966697D2B496C6C696E67647F6E6 : DhcpNameServer = 192.168.116.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\34F6E6E6F627 : DhcpNameServer = 167.206.251.130 167.206.251.129
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\54163747F6E69616E6 : DhcpNameServer = 204.186.110.76 216.144.187.37
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{1A15714A-59A6-4046-9C69-806455994BAF}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{393B1587-2F0D-4D26-A907-D88BA41DC28E} : NameServer = 192.168.2.1
    TCP: Interfaces\{E23E4590-62B0-4AA2-9233-84FECC3E3A6E} : NameServer = 192.168.2.1
    TCP: Interfaces\{EC59F31F-0029-4608-8F95-79AD09AE323C} : NameServer = 68.87.71.230,68.87.73.246
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
    BHO-X64: IMinent WebBooster - No File
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
    BHO-X64: DCA - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB-X64: {00000000-0000-0000-0000-000000000000} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maxnxw46.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z207&install_date=20111110
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z207&form=ZGAADF&install_date=20111110&q=
    FF - Ext: Iminent WebBooster: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - Ext: Window Shopper - Powered by Superfish: [email protected] - C:\ProgramData\Mozilla\Extensions\[email protected]
    FF - Ext: MSN Toolbar: [email protected] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - ffb6d67f-e0e5-4c78-acd2-251c9803bc9b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-2 98208]
    R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-9 892992]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-2 1620584]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-14 1153368]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-2 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-2 2320920]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-05 20:11:21 -------- d-----w- C:\_OTM
    2011-12-05 15:01:57 -------- d-----w- C:\Program Files (x86)\ESET
    2011-12-05 14:56:08 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-05 12:57:42 -------- d-----w- C:\Gotcha19922G
    2011-12-04 23:33:26 98816 ----a-w- C:\Windows\sed.exe
    2011-12-04 23:33:26 518144 ----a-w- C:\Windows\SWREG.exe
    2011-12-04 23:33:26 256000 ----a-w- C:\Windows\PEV.exe
    2011-12-04 23:33:26 208896 ----a-w- C:\Windows\MBR.exe
    2011-12-04 23:32:09 -------- d-----w- C:\Gotcha
    2011-11-28 14:37:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2011-11-26 18:38:20 -------- d-----w- C:\Roxio
    2011-11-26 16:14:26 -------- d-----w- C:\Users\Admin\AppData\Local\Rockstar Games
    2011-11-26 11:17:40 -------- d-sh--w- C:\ProgramData\SecuROM
    2011-11-26 11:06:37 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2011-11-26 11:06:08 -------- d-----w- C:\Windows\SysWow64\xlive
    2011-11-26 11:06:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2011-11-25 19:55:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2011-11-25 19:55:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2011-11-25 19:55:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2011-11-25 19:55:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2011-11-25 19:55:02 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2011-11-25 19:55:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2011-11-25 19:55:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2011-11-25 19:55:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2011-11-25 19:54:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2011-11-25 19:54:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2011-11-20 14:06:08 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
    2011-11-17 01:04:04 -------- d-----w- C:\Users\Admin\AppData\Local\Connectify
    2011-11-12 16:19:02 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
    2011-11-12 16:19:02 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2011-11-12 16:19:02 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
    2011-11-12 16:19:02 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2011-11-12 16:19:00 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2011-11-12 16:19:00 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
    2011-11-12 16:17:57 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
    2011-11-11 20:04:04 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91CD31E4-8880-48E0-AEE8-C7F87441AFD2}\mpengine.dll
    2011-11-09 12:18:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 12:18:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:18:04 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 12:18:04 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
    2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    .
    ============= FINISH: 18:03:08.13 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2010 5:45:45 AM
    System Uptime: 12/5/2011 3:21:02 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0MDPK8
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/532mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 290.035 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP279: 11/26/2011 6:02:44 AM - Installed DirectX
    RP280: 11/26/2011 6:05:01 AM - Installed DirectX
    RP281: 11/26/2011 6:05:22 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP282: 11/26/2011 6:06:09 AM - Installed DirectX
    RP283: 11/26/2011 7:03:04 AM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP284: 11/28/2011 9:36:15 AM - Installed Microsoft Office Home and Business 2010
    RP285: 11/28/2011 9:50:02 AM - Removed Window Shopper
    RP286: 11/28/2011 10:18:45 AM - Installed HiJackThis
    RP287: 11/28/2011 10:32:13 AM - Removed HiJackThis
    RP288: 11/29/2011 3:00:26 AM - Windows Update
    RP289: 11/30/2011 4:18:07 PM - Windows Update
    RP290: 12/4/2011 6:34:06 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    AccelerometerP11
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Web Premium
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Flash Professional CS5
    Adobe Media Player
    Adobe Reader 9.1.2
    Adobe Setup
    Advanced Audio FX Engine
    Advanced PC Tweaker v4.2
    Alliance of Valiant Arms
    Apple Application Support
    Apple Software Update
    Armagetron Advanced 0.2.8.3.1.gcc
    ASIO4ALL
    Ask Toolbar
    Battlefield 2142
    Buzzcustom 1.4
    Call of Duty(R) 4 - Modern Warfare(TM) Demo
    CamStudio
    Cheat Engine 6.0
    Cozi
    Crimecraft: BLEEDOUT
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Webcam Central
    Driver Performer
    ESET Online Scanner v3
    FL Studio 10
    Forsaken World
    Fraps (remove only)
    FreeFrog 1.0
    Game Cam 2.6.1.0
    GameSpy Arcade
    GIMP 2.6.11
    Global Agenda
    Google Talk Plugin
    GoToAssist Corporate
    Graboid Video 2.2
    Grand Theft Auto IV
    GraphicsGale FreeEdition version 1.93.17
    IL Download Manager
    Iminent
    IncrediMail
    IncrediMail 2.0
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Internet Explorer
    Java Auto Updater
    Java(TM) 6 Update 24
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Just Cause 2 Demo
    Livestream Procaster
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo Trial
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (5.0)
    Mplayer 0.6.9
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NetAssistant
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Updatus
    Pagemood 1.4
    PDF Settings CS5
    Photo Notifier and Animation Creator
    Portal
    Pro Motion 6
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Sanctum
    Screen Video Recorder 1.5
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype Toolbars
    Skype™ 4.2
    SocialRibbons LP5
    Spotify
    Spybot - Search & Destroy
    Steam
    Team Fortress 2
    Terraria
    The Elder Scrolls V: Skyrim
    The Incredible Machine: Even More Contraptions
    TinyWord 2.9.0
    TypingMaster
    TypingMaster Pro
    Unity
    Universal Extractor 1.6.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Ventrilo Client
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.1
    WeatherBug
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/5/2011 9:24:28 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/5/2011 8:46:46 AM, Error: Application Popup [1060] - \??\C:\Gotcha19922G\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/5/2011 3:11:22 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2011 7:39:08 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
    12/4/2011 7:29:01 PM, Error: Application Popup [1060] - \??\C:\Gotcha\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/4/2011 6:40:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    12/4/2011 6:16:38 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    12/4/2011 6:16:04 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    12/4/2011 6:15:46 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    12/4/2011 6:15:43 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    12/4/2011 6:15:43 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    12/4/2011 6:04:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/4/2011 6:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/4/2011 6:04:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/4/2011 6:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/4/2011 6:00:03 PM, Error: Service Control Manager [7001] - The Connectify service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.
    12/4/2011 5:56:01 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    12/2/2011 2:49:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004bbba10, 0xfffff80000b9c518, 0xfffffa8010de6b80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120211-48110-01.
    11/29/2011 3:05:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    11/28/2011 9:30:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    11/28/2011 9:30:37 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/28/2011 5:59:15 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    11/28/2011 5:59:15 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    .
    ==== End Of File ===========================
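An added example, not a tool from this thread: a small triage script for DDS-style logs like the one above. It flags the entries a removal helper acts on first (orphaned "No File" registrations, the bundled adware components named in the log, Run-key autoruns that point into a user's AppData tree, the Java and Reader versions treated as out of date, and the firewall and hosts-file errors from the event section). The PUP name list and the version floors (Java 7, Reader 10) are assumptions chosen to match the advice in this thread, not a vendor feed; the "Updater" sample line is constructed.

```python
"""Triage of a DDS-style log: flag the entries a malware-removal helper acts on.
Added example for this thread, not a tool the thread uses.  The rules, the
PUP name list and the version floors (Java 7, Reader 10) are assumptions
chosen to match the advice given in this thread, not a vendor feed."""
import re
from dataclasses import dataclass

# Adware / bundled-toolbar components that appear in the log above.
PUP_MARKERS = ("iminent", "superfish", "freecause", "y2layers",
               "buzzdock", "pagerage", "ask toolbar")

# Autorun binaries under the user's AppData tree: where droppers usually sit.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# BHO / toolbar / Run-key / Firefox-extension lines as DDS prints them.
DDS_ENTRY = re.compile(
    r"^(?P<kind>BHO|TB|mRunOnce|mRun|uRunOnce|uRun|FF - Ext)(?:-x64)?:\s*(?P<rest>.*)$",
    re.IGNORECASE)
JAVA = re.compile(r"Java\(TM\) (\d+) Update (\d+)", re.IGNORECASE)
READER = re.compile(r"^Adobe Reader (\d+)(?:\.\d+)*$")   # "Adobe Reader 9.1.2" style only


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    rule: str
    line: str


def triage_line(line, min_java_major=7, min_reader_major=10):
    """Return the findings for one log line (an empty list if it is clean)."""
    s = line.strip()
    low = s.lower()
    found = []
    if any(marker in low for marker in PUP_MARKERS):
        found.append(Finding("medium", "known-pup", s))
    m = DDS_ENTRY.match(s)
    if m:
        rest = m.group("rest")
        if rest.endswith("- No File"):
            # A registration whose DLL is gone: stale, harmless, but worth cleaning.
            found.append(Finding("low", "orphan-registration", s))
        elif USER_WRITABLE.search(rest):
            found.append(Finding("high", "autorun-from-appdata", s))
    j = JAVA.search(s)
    if j and int(j.group(1)) < min_java_major:
        found.append(Finding("medium", "outdated-java", s))
    r = READER.match(s)
    if r and int(r.group(1)) < min_reader_major:
        found.append(Finding("medium", "outdated-reader", s))
    if "windows firewall" in low and "failed to start" in low:
        found.append(Finding("high", "firewall-service-failure", s))
    if "local hosts file" in low:
        # DNS client unable to read hosts: often a rewritten or locked hosts file.
        found.append(Finding("medium", "hosts-file-unreadable", s))
    return found


def triage(lines):
    """Triage a whole log; findings come back ordered high -> medium -> low."""
    rank = {"high": 0, "medium": 1, "low": 2}
    findings = [f for line in lines for f in triage_line(line)]
    return sorted(findings, key=lambda f: rank[f.severity])


# Sample input: lines taken from the log in this thread plus one constructed
# Run entry (the "Updater" line, made up for this example).
SAMPLE = [
    r"BHO-X64: Search Helper - No File",
    r"BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll",
    r'mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"',
    r"mRun-x64: [Updater] C:\Users\demo\AppData\Roaming\48213\f3a1.exe",
    r"Java(TM) 6 Update 24",
    r"Adobe Reader 9.1.2",
    r"12/4/2011 6:15:43 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.",
    r"12/4/2011 6:40:54 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.rule:26} {f.line[:72]}")
```

Run it with `python triage_dds.py` (or feed `triage()` the lines of a saved log). The point of the ordering is that a Run entry executing out of AppData or a firewall service that will not start is what you look at before any orphaned BHO; the "No File" entries are clutter to clean up once the live items are handled.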
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, do the following :-

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big button.
    • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    Remove ESET online scanner:

    • Click Start, type programs and features in the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner; only re-boot if prompted.

    Step 4

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

    Please go to the link below to update.

    Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

    Step 5

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

    Download the latest version of Java Runtime Environment 7 update 1 (JRE 7)
    • Scroll down to where it says JRE. Java SE 7
    • Check the box to: "Accept License Agreement".
    • Find the download that applies to your operating system. (Please ask if you have any questions.)
    • For Windows 32 bit systems get this Windows x86 Offline
    • For Windows 64 bit systems get this Windows x64
    • Click the "Download JRE" button to the right.

    NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs (Windows 7 or Vista user > Control Panel > Uninstall a Program) and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each of the Java versions.
    • You have at least the following to remove:

    Java 6 Update 24

    • In Windows Explorer, navigate to C:\Program Files\Java\ Delete the contents such as any subfolders, but NOT the main folder.
    • Do NOT delete C:\Program Files\JavaVM if found!
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
    • Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

    To disable the JQS service if you don't want to use it:
    • Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.

    Step 6

    Uninstall any of the following that you do not use via Start > Control Panel > Uninstall a Program:

    WeatherBug
    Skype Toolbars
    MSN Toolbar
    MSN Toolbar Platform
    IncrediMail
    IncrediMail 2.0


    Step 7

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run.

    Let me know if those steps complete OK, also if you have any remaining issues...

    Kevin
     
Short URL to this thread: https://techguy.org/1029156

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice