
High Cpu Usage\ Overheating Issues

Discussion in 'Virus & Other Malware Removal' started by Rocbeats, Feb 14, 2013.

  1. Rocbeats (Thread Starter; joined Feb 14, 2013; 6 messages)
    Hello, new member here, so excuse my newness. I'm not 100% sure I'm posting in the correct section, but recently I have been having issues with my laptop, as it is running at high usage when it is idle. The CPU usage is up to 50-60% at random times; also it will overheat and shut down. The laptop is properly vented and I don't think dust is built up that thick inside. I would have thought this would be a virus issue maybe, or something of the sort, since I have run many scans with no issues. Anywho, here's my log from HijackThis.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:54:26 AM, on 2/14/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\LD\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=d6a5e3360000000000001c659d548085
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
    O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    O4 - HKLM\..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LaCie Desktop Manager Startup] "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie-Soft - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10260 bytes

    Thanks in advance for any help.
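The HijackThis log above is exactly the kind of material a removal helper triages by eye: the R0 start page redirected to search.babylon.com with an affiliate id, the URLSearchHook and toolbar CLSIDs that point at "(no file)", the third-party toolbar BHOs, and the O23 services with no publisher name. As an added example (not a HijackThis, DDS or forum tool, and not code from anyone in this thread), the Python script below parses HJT-style R0/R1/O2/O3/O4/O23 lines, lets DDS "Pseudo HJT" lines such as `uStart Page = hxxp://...` and `FF - user.js: ...` fall through to the same checks, and flags those patterns. The trusted-host allow-list and the PUP keyword list are illustrative assumptions, not an authoritative signature set; the embedded sample log is a handful of lines copied from the two logs posted in this thread.

```python
"""Triage a HijackThis-style (or DDS "Pseudo HJT") log for browser-hijacker
indicators.  Added example for this thread, not a HijackThis, DDS or
Tech Support Guy tool; the host allow-list and PUP keyword list are
illustrative assumptions, not an authoritative signature set."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts a stock IE start/search page is expected to point at.
TRUSTED_HOMEPAGE_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}

# Assumption: vendor substrings that removal forums routinely treat as
# potentially unwanted toolbars / search hijackers.
PUP_KEYWORDS = ("babylon", "incredibar", "ant.com")

# HijackThis entry, e.g. "O4 - HKLM\..\Run: [name] path".  DDS lines
# (uStart Page = ..., BHO: ..., FF - user.js: ...) fall through as "--".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")
# DDS defangs URLs as hxxp://; accept both spellings.
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+")


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, line) for every non-empty line of the log."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line
        else:
            yield "--", line, line


def check_entry(code, body, line):
    """Return the Findings for one entry; an empty list means nothing stood out."""
    findings = []
    lowered = body.lower()

    # Start/search page pointing at a host outside the allow-list, worse if
    # the URL carries an affiliate id (affID=...) as hijacker toolbars do.
    if code in ("R0", "R1") or "start page" in lowered or "search page" in lowered:
        m = URL_RE.search(body)
        if m:
            host = urlparse(m.group(0).replace("hxxp", "http", 1)).hostname or ""
            if host not in TRUSTED_HOMEPAGE_HOSTS:
                reason = f"start/search page points at untrusted host {host}"
                if "affid=" in lowered:
                    reason += " with an affiliate id"
                findings.append(Finding(code, reason, line))

    # Registered hook/BHO/toolbar whose DLL no longer exists.
    if "(no file)" in lowered or "<orphaned>" in lowered:
        findings.append(Finding(code, "orphaned entry, file missing", line))

    # Known PUP vendor names anywhere in BHOs, toolbars, run keys, prefs.
    for kw in PUP_KEYWORDS:
        if kw in lowered:
            findings.append(Finding(code, f"matches PUP keyword '{kw}'", line))
            break

    # Services whose binary carries no publisher name deserve a look.
    if code == "O23" and "unknown owner" in lowered:
        findings.append(Finding(code, "service with unknown owner", line))

    # Autoruns launched from user-writable directories: verify the publisher.
    if code == "O4" and re.search(r"\\(appdata|downloads|temp)\\", lowered):
        findings.append(Finding(code, "autorun from user-writable path", line))

    return findings


def triage(text):
    """Run every check over the log and return all Findings in log order."""
    out = []
    for code, body, line in parse_entries(text):
        out.extend(check_entry(code, body, line))
    return out


# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110795&tt=140812_bandext_3312_1&babsrc=HP_ss&mntrId=d6a5e3360000000000001c659d548085
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
uStart Page = hxxp://search.babylon.com/?affID=110795&tt=140812_bandext_3312_1&babsrc=HP_ss&mntrId=d6a5e3360000000000001c659d548085
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQGHukX5o&loc=IB_TB&i=26&search=
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

The checks are deliberately loose (substring matches, a short allow-list) because the point of a log triage pass is to surface entries for a human to confirm, not to auto-delete anything; the Google Update autorun, for example, is flagged only because it runs from AppData and is worth a publisher check, not because it is malicious. Feed it the full text of a posted log and read the findings against the raw lines.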
     
  2. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,382 messages; first name Kevin)
    Run the following and post logs:

    Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Open Malwarebytes, check for updates, then run a Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    We need to see some additional information about what is happening in your machine.

    Download and save DDS to your Desktop from either of the following links:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://compendiate.net/sUBs/dds/dds.scr

    Note: You must use Internet Explorer to download dds.scr; other browsers will open the file in the browser and not save it. Or, if you must use Firefox or Chrome, right click the link, select "Save link as", and save the file to your desktop.

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop"

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.

    Copy and paste the above logs into your next reply.

    Kevin
     
  3. Rocbeats (Thread Starter; joined Feb 14, 2013; 6 messages)
    Hello Kevin. So far, halfway good. I did as instructed for the adware program, and retried to use the program twice, but in each attempt, after I was able to download the program and start it, my AVG pops up after I hit Delete on AdwCleaner and prompts me about a detected threat, that is, the adware program I just downloaded. I scanned the program before starting it to make sure in the first place, and it came back clean. Anyway, after I click on "remove threat" it completely removes the downloaded adware program and shuts it down. So I wanted to get your feedback before trying anything else. For the other logs, I was successful in getting them, so here they go.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.15.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    LD :: LD-PC [administrator]

    2/17/2013 2:17:00 AM
    mbam-log-2013-02-17 (02-17-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205565
    Time elapsed: 7 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2
    Run by LD at 2:39:19 on 2013-02-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1340 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k ipripsvc
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=110795&tt=140812_bandext_3312_1&babsrc=HP_ss&mntrId=d6a5e3360000000000001c659d548085
    uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
    BHO: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LaCie Desktop Manager Startup] "c:\program files\lacie\desktop manager\LaCieDesktopManagerStatusItem.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Google Update] "c:\users\ld\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [IntelliType Pro] "c:\program files\microsoft mouse and keyboard center\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft mouse and keyboard center\ipoint.exe"
    mRun: [Genie TimeLine Tray] c:\program files\genie-soft\genie timeline\GSTimeLineAgent.exe -auto
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TCP: NameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    TCP: Interfaces\{5FBB41A8-5EAC-49F0-AC02-3DD6B5BC5838} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{5FBB41A8-5EAC-49F0-AC02-3DD6B5BC5838}\2375942554138323 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{5FBB41A8-5EAC-49F0-AC02-3DD6B5BC5838}\243424743545F42554053545 : DHCPNameServer = 172.16.10.30 10.50.131.101 10.79.1.102
    TCP: Interfaces\{5FBB41A8-5EAC-49F0-AC02-3DD6B5BC5838}\7627164796475746561313 : DHCPNameServer = 192.168.1.1 192.168.0.1
    TCP: Interfaces\{5FBB41A8-5EAC-49F0-AC02-3DD6B5BC5838}\C696E6B6379737 : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    TCP: Interfaces\{A2D9C798-2DA9-445F-9BF4-60282739C3A1} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ld\appdata\roaming\mozilla\firefox\profiles\xejnmnln.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B23202e31-5712-46e4-831c-be7c05385df8%7D&mid=1b7b2a4ac7fc47d09cf2b1a22fbc1606-c308dba8ee0d8461f49e9e935a206fbcb1eb4517&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-09-28%2010%3A14%3A41&sap=ku&q=
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\users\ld\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\users\ld\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\ld\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-02-06 10:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\ld\appdata\roaming\mozilla\firefox\profiles\xejnmnln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQGHukX5o&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - d6a5e3360000000000001c659d548085
    FF - user.js: extensions.incredibar_i.instlDay - 15568
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:47:44
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQGHukX5o
    FF - user.js: extensions.incredibar_i.upn2n - 92543414073823898
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 34%5F7
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - d6a5e3360000000000001c659d548085
    FF - user.js: extensions.BabylonToolbar.instlDay - 15568
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.623:27:25
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110795&tt=140812_bandext_3312_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 33112]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-12-25 296336]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-1-16 242240]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 GenieTimelineService;Genie Timeline Service;c:\program files\genie-soft\genie timeline\GenieTimelineService.exe [2011-2-2 362624]
    R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\lacie\desktop manager\lacie_dm_service.exe [2012-12-25 822784]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-9 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-9 682344]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\common files\avg secure search\vtoolbarupdater\14.1.7\ToolbarUpdater.exe [2013-2-15 965296]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2012-5-17 27760]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-9 21104]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-17 40776]
    R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-9-8 1117800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2012-9-6 38608]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-11 14848]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-23 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-11 49664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-20 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-02-17 10:16:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-02-16 20:26:14 -------- d-----w- c:\windows\system32\??
    2013-02-16 18:53:47 -------- d-----w- c:\windows\system32\?????????
    2013-02-16 18:53:47 -------- d-----w- c:\windows\system32\??
    2013-02-16 06:14:02 -------- d-----w- c:\windows\system32\??
    2013-02-16 01:06:47 -------- d-----w- c:\windows\system32\?è
    2013-02-16 01:06:47 -------- d-----w- c:\windows\system32\?????????
    2013-02-16 01:06:47 -------- d-----w- c:\windows\system32\? ???y???????
    2013-02-15 23:21:22 -------- d-----w- c:\windows\system32\??
    2013-02-15 21:00:20 -------- d-----w- c:\windows\system32\??
    2013-02-15 17:53:08 40507 ------w- c:\program files\microsoft games\age of empires ii\DPLAY61A.EXE
    2013-02-15 12:18:09 -------- d-----w- c:\windows\system32\??
    2013-02-15 12:14:46 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2013-02-14 21:47:55 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 21:47:42 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-14 21:47:41 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 21:47:37 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-14 21:47:37 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 21:47:33 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-14 16:34:44 -------- d-----w- c:\windows\system32\??
    2013-02-14 16:33:27 -------- d-----w- c:\windows\system32\?????????
    2013-02-14 16:33:27 -------- d-----w- c:\windows\system32\????
    2013-02-14 04:45:16 -------- d-----w- c:\windows\system32\??
    2013-02-13 22:45:42 -------- d-----w- c:\windows\system32\??
    2013-02-13 20:12:36 -------- d-----w- c:\windows\system32\??
    2013-02-13 15:45:56 -------- d-----w- c:\windows\system32\??
    2013-02-13 15:44:25 -------- d-----w- c:\windows\system32\?'???????????
    2013-02-13 15:44:23 -------- d-----w- c:\windows\system32\?????????
    2013-02-13 15:44:23 -------- d-----w- c:\windows\system32\????
    2013-02-12 18:43:57 -------- d-----w- c:\windows\system32\??
    2013-02-12 10:06:25 -------- d-----w- c:\windows\system32\??
    2013-02-11 17:54:36 -------- d-----w- c:\windows\system32\??
    2013-02-09 17:07:38 -------- d-----w- c:\windows\system32\??
    2013-02-09 17:06:15 -------- d-----w- c:\windows\system32\?????????
    2013-02-09 17:06:15 -------- d-----w- c:\windows\system32\????
    2013-02-09 17:06:12 -------- d-----w- c:\windows\system32\?#???????????
    2013-02-09 02:13:33 -------- d-----w- c:\windows\system32\??
    2013-02-09 02:09:55 -------- d-----w- c:\windows\system32\?????????
    2013-02-09 02:09:55 -------- d-----w- c:\windows\system32\????
    2013-02-09 02:09:55 -------- d-----w- c:\windows\system32\?)???????????
    2013-02-09 02:02:44 -------- d-----w- c:\windows\system32\??
    2013-02-09 02:00:31 -------- d-----w- c:\windows\system32\??????Û??
    2013-02-09 02:00:31 -------- d-----w- c:\windows\system32\??
    2013-02-09 01:52:01 -------- d-----w- c:\windows\system32\??
    2013-02-09 01:20:29 -------- d-----w- c:\windows\system32\??
    2013-02-09 00:17:09 -------- d-----w- c:\windows\system32\??
    2013-02-09 00:05:04 -------- d-----w- c:\windows\system32\??
    2013-02-09 00:00:57 -------- d-----w- c:\windows\system32\??
    2013-02-08 23:34:57 -------- d-----w- c:\windows\system32\??
    2013-02-08 11:27:26 -------- d-----w- c:\users\ld\appdata\local\FLT
    2013-02-07 05:35:33 -------- d-----w- c:\users\ld\appdata\roaming\The Creative Assembly
    2013-02-07 04:59:33 -------- d-----w- c:\program files\OpenAL
    2013-02-07 04:59:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-07 04:59:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-07 04:33:06 -------- d-----w- c:\program files\Baldur's Gate - Enhanced Edition
    2013-02-06 21:28:33 -------- d-----w- c:\program files\Microprose
    2013-02-06 18:28:05 -------- d-----w- c:\windows\system32\??
    2013-02-06 18:26:36 -------- d-----w- c:\windows\system32\?????????
    2013-02-06 18:26:36 -------- d-----w- c:\windows\system32\??
    2013-02-06 17:46:03 -------- d-----w- c:\windows\system32\??
    2013-02-06 17:05:54 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-02-06 10:49:26 -------- d-----w- c:\users\ld\appdata\roaming\ValuSoft
    2013-02-03 03:45:33 -------- d-----w- c:\windows\system32\??
    2013-02-01 01:20:50 -------- d-----w- c:\windows\system32\??
    2013-02-01 01:16:22 -------- d-----w- c:\windows\system32\?????????
    2013-02-01 01:16:22 -------- d-----w- c:\windows\system32\??
    2013-02-01 01:16:22 -------- d-----w- c:\windows\system32\?%???????????
    2013-01-30 19:57:02 -------- d-----w- c:\windows\system32\??
    2013-01-30 19:55:20 -------- d-----w- c:\windows\system32\?Ø
    2013-01-30 19:55:20 -------- d-----w- c:\windows\system32\?????????
    2013-01-28 03:36:55 -------- d-----w- c:\windows\system32\??
    2013-01-27 23:48:21 -------- d-----w- c:\windows\system32\?ª
    2013-01-27 23:48:21 -------- d-----w- c:\windows\system32\?????????
    2013-01-27 05:14:13 -------- d-----w- c:\windows\system32\??
    2013-01-27 05:10:13 -------- d-----w- c:\windows\system32\?????????
    2013-01-27 05:10:13 -------- d-----w- c:\windows\system32\??
    2013-01-27 05:05:54 -------- d-----w- c:\windows\system32\??
    2013-01-27 03:34:11 -------- d-----w- c:\windows\system32\???¦
    2013-01-27 03:34:11 -------- d-----w- c:\windows\system32\?????????
    2013-01-27 03:34:10 -------- d-----w- c:\windows\system32\?$???????????
    2013-01-26 21:37:54 -------- d-----w- c:\windows\system32\??
    2013-01-26 19:55:16 -------- d-----w- c:\windows\system32\? ???????????
    2013-01-26 02:19:00 -------- d-----w- c:\windows\system32\??
    2013-01-26 02:14:24 -------- d-----w- c:\windows\system32\???À
    2013-01-26 02:14:24 -------- d-----w- c:\windows\system32\?????????
    2013-01-26 02:11:07 -------- d-----w- c:\windows\system32\??
    2013-01-26 01:13:54 -------- d-----w- c:\windows\system32\?ã
    2013-01-26 01:13:54 -------- d-----w- c:\windows\system32\?????????
    2013-01-25 20:25:55 -------- d-----w- c:\windows\system32\??
    2013-01-25 19:50:53 -------- d-----w- c:\windows\system32\?)???®???????
    2013-01-25 16:32:43 -------- d-----w- c:\windows\system32\??
    2013-01-25 13:04:58 -------- d-----w- c:\windows\system32\?????????
    2013-01-25 13:04:58 -------- d-----w- c:\windows\system32\????
    2013-01-25 11:19:23 -------- d-----w- c:\windows\system32\??
    2013-01-25 11:17:44 -------- d-----w- c:\windows\system32\?ù
    2013-01-25 11:17:44 -------- d-----w- c:\windows\system32\?????????
    2013-01-25 11:17:42 -------- d-----w- c:\windows\system32\?,???????????
    2013-01-24 17:56:43 -------- d-----w- c:\users\ld\appdata\roaming\Tropico 4
    2013-01-24 17:53:59 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
    2013-01-24 17:48:49 -------- d-----w- c:\program files\Kalypso Media
    2013-01-24 15:24:00 -------- d-----w- c:\windows\system32\??
    2013-01-24 15:22:26 -------- d-----w- c:\windows\system32\?????????
    2013-01-24 15:22:26 -------- d-----w- c:\windows\system32\????
    2013-01-24 11:05:02 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-24 10:56:28 -------- d-----w- C:\Scenario
    2013-01-21 20:10:31 -------- d-----w- c:\users\ld\appdata\roaming\Microsoft Games
    2013-01-21 19:42:11 -------- d-----w- c:\windows\system32\??
    2013-01-21 19:23:31 -------- d-----w- c:\windows\system32\?????????
    2013-01-21 19:23:31 -------- d-----w- c:\windows\system32\??
    2013-01-20 23:10:48 -------- d-----w- c:\windows\system32\??
    2013-01-20 23:08:20 842240 ----a-w- c:\windows\system32\ir41c204.rra
    2013-01-20 23:08:20 745984 ----a-w- c:\windows\system32\ir50c3f7.rra
    2013-01-20 23:08:20 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
    2013-01-20 23:08:20 202240 ----a-w- c:\windows\system32\ir32c30d.rra
    2013-01-20 23:08:20 192000 ----a-w- c:\windows\system32\iac2c3d8.rra
    2013-01-20 23:08:20 145408 ----a-w- c:\windows\system32\Ivfsc4e1.rra
    2013-01-20 23:08:20 136704 ----a-w- c:\windows\system32\iacenc.dll
    2013-01-20 18:46:36 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2013-01-20 18:46:35 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2013-01-20 18:46:34 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2013-01-20 18:46:33 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2013-01-20 16:30:32 -------- d-----w- c:\windows\system32\cache
    2013-01-18 16:24:40 -------- d-----w- c:\windows\system32\??
    .
    ==================== Find3M ====================
    .
    2013-02-15 12:04:22 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-09 03:30:15 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-09 03:30:15 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 01:44:22 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-05 19:22:08 44144 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
    2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 2:40:25.75 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/16/2012 9:22:15 PM
    System Uptime: 2/16/2013 12:53:14 PM (14 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1605
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 216 GiB total, 84.766 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 2.322 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.089 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 442 GiB total, 90.213 GiB free.
    H: is FIXED (FAT32) - 23 GiB total, 22.595 GiB free.
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP163: 2/15/2013 4:04:51 AM - Windows Update
    RP164: 2/15/2013 4:23:04 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0
    Adobe Reader X (10.1.4)
    Angry Birds Star Wars
    Ant.com IE add-on
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    AVG PC TuneUp Language Pack (en-US)
    AVG Security Toolbar
    Bonjour
    CCleaner
    CyberLink YouCam 5
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diskeeper 2011
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    HP Product Detection
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    LaCie Desktop Manager 1.4.5
    LaCie Genie Timeline 2.1
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    ooVoo
    OpenAL
    Prison Tycoon 4
    RemoteComms driver
    Revo Uninstaller Pro 2.5.8
    Rise of Nations
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Skype Click to Call
    Skype™ 5.10
    Synaptics Pointing Device Driver
    Tropico 4 1.00
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    VLC media player 1.1.11
    WinRAR 4.20 (32-bit)
    Wuala
    Wuala CBFS
    Wuala OverlayIcons
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 12:26:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/15/2013 4:14:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.
    2/15/2013 4:03:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    2/12/2013 9:27:00 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Run AdwCleaner again; if your security program alerts to it, either accept the alert or turn the security OFF. Your system has many issues that need to be fixed. I'll give the instructions again for AdwCleaner:

    Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Delete any versions of ComboFix that you may have on your Desktop, then download a fresh copy from the following link:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that ComboFix is saved directly to the Desktop <--- Very important
    • Disable all security programs, as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
    • Close any open browsers and any other programs you might have running.
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator").
    • Instructions for running ComboFix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

    *EXTRA NOTES*
    • If ComboFix detects any rootkit/bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the logs from AdwCleaner and ComboFix in your next reply please...

    Kevin
     
  5. Rocbeats

    Rocbeats Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    6
    Ok, ok, mission accomplished. I have here both the AdwCleaner and ComboFix logs for you, in that order.

    # AdwCleaner v2.112 - Logfile created 02/18/2013 at 08:51:23
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : LD - LD-PC
    # Boot Mode : Normal
    # Running from : C:\Users\LD\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\LD\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.41] : icon_url = "hxxps://isearch.avg.com/favicon.ico",

    *************************

    AdwCleaner[S2].txt - [907 octets] - [18/02/2013 08:51:23]

    ########## EOF - C:\AdwCleaner[S2].txt - [966 octets] ##########




    ComboFix 13-02-18.02 - LD 02/18/2013 9:51.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1990 [GMT -8:00]
    Running from: c:\users\LD\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\bce045f8ebf85e31.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\c5c55d798875cbab.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    G:\autorun.inf
    H:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-18 18:01 . 2013-02-18 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-18 17:31 . 2013-02-18 17:31 -------- d-----w- c:\windows\system32\02FD~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\662E~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\04FD~1
    2013-02-18 17:20 . 2013-02-18 18:01 -------- d-----w- c:\users\LD\AppData\Local\temp
    2013-02-18 16:53 . 2013-02-18 16:53 -------- d-----w- c:\windows\system32\BBE9~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\711D~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\2452~1
    2013-02-18 16:51 . 2013-02-18 16:51 115 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-02-18 15:15 . 2013-02-18 15:15 -------- d-----w- c:\users\Default\AppData\Local\visi_coupon
    2013-02-16 20:26 . 2013-02-16 20:26 -------- d-----w- c:\windows\system32\668F~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\421B~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\3FAD~1
    2013-02-16 06:14 . 2013-02-16 06:14 -------- d-----w- c:\windows\system32\8DEE~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\Y2991~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\D418~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\006A~1
    2013-02-15 23:21 . 2013-02-15 23:21 -------- d-----w- c:\windows\system32\C5B2~1
    2013-02-15 21:00 . 2013-02-15 21:00 -------- d-----w- c:\windows\system32\9FDA~1
    2013-02-15 17:53 . 2013-02-15 17:53 40507 ------w- c:\program files\Microsoft Games\Age of Empires II\DPLAY61A.EXE
    2013-02-15 12:18 . 2013-02-15 12:18 -------- d-----w- c:\windows\system32\AA4C~1
    2013-02-15 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 21:47 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 21:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-14 21:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 21:47 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 21:47 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-14 21:47 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-14 16:34 . 2013-02-14 16:34 -------- d-----w- c:\windows\system32\EAB3~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\8697~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\4A80~1
    2013-02-14 04:45 . 2013-02-14 04:45 -------- d-----w- c:\windows\system32\937E~1
    2013-02-13 22:45 . 2013-02-13 22:45 -------- d-----w- c:\windows\system32\71F0~1
    2013-02-13 20:12 . 2013-02-13 20:12 -------- d-----w- c:\windows\system32\1A99~1
    2013-02-13 15:45 . 2013-02-13 15:45 -------- d-----w- c:\windows\system32\7C41~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\'E600~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\5A57~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\3C0F~1
    2013-02-12 18:43 . 2013-02-12 18:43 -------- d-----w- c:\windows\system32\981E~1
    2013-02-12 10:06 . 2013-02-12 10:06 -------- d-----w- c:\windows\system32\F309~1
    2013-02-11 17:54 . 2013-02-11 17:54 -------- d-----w- c:\windows\system32\B7E2~1
    2013-02-09 17:07 . 2013-02-09 17:07 -------- d-----w- c:\windows\system32\1716~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\5B50~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\2A1D~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\#7370~1
    2013-02-09 02:13 . 2013-02-09 02:13 -------- d-----w- c:\windows\system32\5975~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\96DC~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\3D23~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\)E828~1
    2013-02-09 02:02 . 2013-02-09 02:02 -------- d-----w- c:\windows\system32\B2B6~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\6CD1~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\1645~1
    2013-02-09 01:52 . 2013-02-09 01:52 -------- d-----w- c:\windows\system32\2420~1
    2013-02-09 01:20 . 2013-02-09 01:20 -------- d-----w- c:\windows\system32\2D54~1
    2013-02-09 00:17 . 2013-02-09 00:17 -------- d-----w- c:\windows\system32\DC99~1
    2013-02-09 00:05 . 2013-02-09 00:05 -------- d-----w- c:\windows\system32\0811~1
    2013-02-09 00:00 . 2013-02-09 00:00 -------- d-----w- c:\windows\system32\3884~1
    2013-02-08 23:34 . 2013-02-08 23:34 -------- d-----w- c:\windows\system32\8D20~1
    2013-02-08 11:27 . 2013-02-08 11:27 -------- d-----w- c:\users\LD\AppData\Local\FLT
    2013-02-07 05:35 . 2013-02-07 05:35 -------- d-----w- c:\users\LD\AppData\Roaming\The Creative Assembly
    2013-02-07 04:59 . 2013-02-07 04:59 -------- d-----w- c:\program files\OpenAL
    2013-02-07 04:59 . 2013-02-07 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-07 04:59 . 2013-02-07 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-07 04:33 . 2013-02-07 04:52 -------- d-----w- c:\program files\Baldur's Gate - Enhanced Edition
    2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\program files\Microprose
    2013-02-06 18:28 . 2013-02-06 18:28 -------- d-----w- c:\windows\system32\FAC5~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\D5DC~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\2743~1
    2013-02-06 17:46 . 2013-02-06 17:46 -------- d-----w- c:\windows\system32\1C74~1
    2013-02-06 17:05 . 2013-02-06 18:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-02-06 10:49 . 2013-02-06 10:49 -------- d-----w- c:\users\LD\AppData\Roaming\ValuSoft
    2013-02-03 03:45 . 2013-02-03 03:45 -------- d-----w- c:\windows\system32\630C~1
    2013-02-01 01:20 . 2013-02-01 01:20 -------- d-----w- c:\windows\system32\B90F~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\6BCE~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\5C1D~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\%644E~1
    2013-01-30 19:57 . 2013-01-30 19:57 -------- d-----w- c:\windows\system32\BEAF~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\4014~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\13DD~1
    2013-01-28 03:36 . 2013-01-28 03:36 -------- d-----w- c:\windows\system32\1932~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\B92B~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\1078~1
    2013-01-27 05:14 . 2013-01-27 05:14 -------- d-----w- c:\windows\system32\3F81~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\7A40~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\14CC~1
    2013-01-27 05:05 . 2013-01-27 05:05 -------- d-----w- c:\windows\system32\4511~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\DE95~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\4713~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\$AB1C~1
    2013-01-26 21:37 . 2013-01-26 21:37 -------- d-----w- c:\windows\system32\F525~1
    2013-01-26 19:55 . 2013-01-26 19:55 -------- d-----w- c:\windows\system32\CA8A~1
    2013-01-26 02:19 . 2013-01-26 02:19 -------- d-----w- c:\windows\system32\899C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\872C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\7A9B~1
    2013-01-26 02:11 . 2013-01-26 02:11 -------- d-----w- c:\windows\system32\4030~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\AD8A~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\5E72~1
    2013-01-25 20:25 . 2013-01-25 20:25 -------- d-----w- c:\windows\system32\AEDF~1
    2013-01-25 19:50 . 2013-01-25 19:50 -------- d-----w- c:\windows\system32\)0025~1
    2013-01-25 16:32 . 2013-01-25 16:32 -------- d-----w- c:\windows\system32\ADF4~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\FC3E~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\7490~1
    2013-01-25 11:19 . 2013-01-25 11:19 -------- d-----w- c:\windows\system32\2B79~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\A1A4~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\9A56~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\_BA71~1
    2013-01-24 17:56 . 2013-02-02 03:01 -------- d-----w- c:\users\LD\AppData\Roaming\Tropico 4
    2013-01-24 17:53 . 2007-07-20 08:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
    2013-01-24 17:48 . 2013-01-24 17:48 -------- d-----w- c:\program files\Kalypso Media
    2013-01-24 15:24 . 2013-01-24 15:24 -------- d-----w- c:\windows\system32\3AA0~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\9517~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\6198~1
    2013-01-24 11:05 . 2013-01-24 11:05 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-24 10:56 . 2013-01-24 10:56 -------- d-----w- C:\Scenario
    2013-01-21 20:10 . 2013-01-21 20:10 -------- d-----w- c:\users\LD\AppData\Roaming\Microsoft Games
    2013-01-21 19:42 . 2013-01-21 19:42 -------- d-----w- c:\windows\system32\3883~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\9352~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\29D9~1
    2013-01-20 23:10 . 2013-01-20 23:10 -------- d-----w- c:\windows\system32\FA07~1
    2013-01-20 23:08 . 2000-06-26 19:57 202240 ----a-w- c:\windows\system32\ir32c30d.rra
    2013-01-20 23:08 . 2000-06-23 22:06 192000 ----a-w- c:\windows\system32\iac2c3d8.rra
    2013-01-20 23:08 . 2000-06-23 22:05 136704 ----a-w- c:\windows\system32\iacenc.dll
    2013-01-20 23:08 . 2000-06-23 18:36 745984 ----a-w- c:\windows\system32\ir50c3f7.rra
    2013-01-20 23:08 . 2000-06-23 02:11 145408 ----a-w- c:\windows\system32\Ivfsc4e1.rra
    2013-01-20 23:08 . 2000-06-22 21:49 842240 ----a-w- c:\windows\system32\ir41c204.rra
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-17 18:44 . 2012-06-04 04:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-17 18:44 . 2012-06-04 04:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-15 12:04 . 2012-08-29 14:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-17 01:44 . 2013-01-17 01:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-01-05 19:22 . 2013-01-05 19:22 44144 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-15 00:49 . 2012-11-09 20:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26 . 2013-01-09 18:38 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 18:38 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 10:46 . 2013-01-09 18:38 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 10:46 . 2013-01-09 18:38 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 10:46 . 2013-01-09 18:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 18:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 18:38 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 18:38 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 10:46 . 2013-01-09 18:38 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 55296 ----a-w- c:\windows\system32\cero.rs
    2012-11-30 04:47 . 2013-01-09 18:37 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 02:55 . 2013-01-09 18:37 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38 . 2013-01-09 18:37 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:48 . 2013-01-14 20:26 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45 . 2013-01-09 18:38 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-02-06 04:16 . 2013-02-06 04:15 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{DF9B4417-4C12-4823-9C1B-E50C270C3626}"
    [HKEY_CLASSES_ROOT\CLSID\{DF9B4417-4C12-4823-9C1B-E50C270C3626}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-12 2456576]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
    "Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-02-02 1051264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Users^LD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\LD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-05-10 04:15 116648 ----atw- c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\LD\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-05-25 11:25 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    2012-08-20 23:13 27040888 ----a-w- c:\program files\ooVoo\ooVoo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
    2011-09-09 11:37 247016 ----a-w- c:\program files\CyberLink\YouCam\YouCamService.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
    S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [x]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 18:44]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000Core.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000UA.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    FF - ProfilePath - c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - ExtSQL: 2013-02-06 10:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{5FF49FE8-B332-4CB9-B102-FB6951629E55}"=hex:51,66,7a,6c,4c,1d,38,12,86,9c,e7,
    5b,00,fd,d7,09,ce,14,b8,29,54,3c,da,41
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a6,8f,d9,d7,ea,0d,ce,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3044)
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    .
    Completion time: 2013-02-18 10:09:51
    ComboFix-quarantined-files.txt 2013-02-18 18:09
    .
    Pre-Run: 88,140,206,080 bytes free
    Post-Run: 88,040,329,216 bytes free
    .
    - - End Of File - - 72AED46715751165993C8D75C2647015
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Continue:

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    FileLook::
    c:\windows\DeleteOnReboot.bat
    DirLook::
    c:\windows\system32\02FD~1
    c:\windows\system32\#7370~1
    c:\windows\system32\%644E~1
    c:\windows\system32\$AB1C~1
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Kevin..
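Kevin's CFScript hands ComboFix four NAME~N directories from the posted log to inspect. As an added example (not part of the thread and not ComboFix's own code), the Python below parses the "Files Created" lines of such a log and flags the kinds of entries a helper picks out; the heuristics and the sample subset of log lines are assumptions modelled on this thread's log, not ComboFix rules.

```python
"""
Triage helper for the ComboFix "Files Created" / "Find3M" sections.
Added example for this thread, not part of ComboFix. The heuristics are
assumptions modelled on the entries Kevin picked out: NAME~N directories
under system32, the hidden/system GUID folder under ProgramData, and a
.bat dropped in the Windows root.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# A ComboFix file line has five fields:
#   <created> . <modified> <size, or -------- for a directory> <attribute flags> <path>
# e.g. "2013-02-18 17:31 . 2013-02-18 17:31 -------- d-----w- c:\windows\system32\02FD~1"
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) "
    r"([A-Za-z-]{8}) "
    r"(.+?)\s*$"
)
SHORT_NAME_RE = re.compile(r"^[^\\]{1,8}~\d+$")   # NAME~1 style basename
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")   # {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]          # None for a directory
    flags: str                   # ComboFix attribute column, e.g. "d-sh--w-"
    path: str
    reasons: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.flags[0] == "d"

    @property
    def hidden(self) -> bool:    # assumption: 'h' in the flag column means hidden
        return "h" in self.flags

    @property
    def system(self) -> bool:    # assumption: 's' in the flag column means system
        return "s" in self.flags

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file line, or None for headers, blanks and '.' separators."""
    m = LINE_RE.match(line)
    if not m:
        return None
    created, modified, size, flags, path = m.groups()
    return Entry(created, modified, None if size.startswith("-") else int(size), flags, path)


def triage(entry: Entry) -> list:
    """Attach the review reasons a helper would want to see; an empty list means nothing notable."""
    reasons = []
    if entry.is_dir and entry.parent == r"c:\windows\system32" and SHORT_NAME_RE.match(entry.basename):
        reasons.append("NAME~N directory created directly under system32")
    if entry.is_dir and entry.hidden and entry.system:
        reasons.append("directory carries hidden+system attributes")
    if entry.is_dir and entry.parent == r"c:\programdata" and GUID_RE.match(entry.basename):
        reasons.append("GUID-named folder under ProgramData")
    if (not entry.is_dir and entry.parent == r"c:\windows"
            and entry.basename.lower().endswith((".bat", ".cmd", ".vbs", ".exe"))):
        reasons.append("script/executable dropped in the Windows root")
    entry.reasons = reasons
    return reasons


def review(log_text: str) -> dict:
    """Parse a ComboFix section and return {path: reasons} for every flagged entry."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry):
            flagged[entry.path] = entry.reasons
    return flagged


# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
2013-02-18 17:31 . 2013-02-18 17:31 -------- d-----w- c:\windows\system32\02FD~1
2013-02-18 16:51 . 2013-02-18 16:51 115 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\#7370~1
2013-02-07 04:59 . 2013-02-07 04:59 -------- d-----w- c:\program files\OpenAL
2013-02-07 04:59 . 2013-02-07 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-06 17:05 . 2013-02-06 18:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\%644E~1
2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\$AB1C~1
"""

if __name__ == "__main__":
    for path, reasons in review(SAMPLE).items():
        print(path + "\n    - " + "\n    - ".join(reasons))
```

Flagged paths are the ones to carry into a DirLook:: or FileLook:: block; an unflagged entry such as c:\program files\OpenAL is simply left alone.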
     
  7. Rocbeats

    Rocbeats Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    6
    Ok, I was able to accomplish the tasks again, although at the start of the ComboFix run I disabled AVG and even uninstalled it from my laptop. And still, I received a message that ComboFix detected real-time scan protection from AVG, but it prompted that it would still run its program even though it may be affected. So, I ran it and got this log down below. The malware log follows it.


    ComboFix 13-02-18.02 - LD 02/18/2013 12:15:15.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1723 [GMT -8:00]
    Running from: c:\users\LD\Desktop\ComboFix.exe
    Command switches used :: c:\users\LD\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-18 20:25 . 2013-02-18 20:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-02-18 20:25 . 2013-02-18 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-18 17:31 . 2013-02-18 17:31 -------- d-----w- c:\windows\system32\02FD~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\662E~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\04FD~1
    2013-02-18 17:20 . 2013-02-18 20:25 -------- d-----w- c:\users\LD\AppData\Local\temp
    2013-02-18 16:53 . 2013-02-18 16:53 -------- d-----w- c:\windows\system32\BBE9~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\711D~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\2452~1
    2013-02-18 16:51 . 2013-02-18 16:51 115 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-02-18 15:15 . 2013-02-18 15:15 -------- d-----w- c:\users\Default\AppData\Local\visi_coupon
    2013-02-16 20:26 . 2013-02-16 20:26 -------- d-----w- c:\windows\system32\668F~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\421B~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\3FAD~1
    2013-02-16 06:14 . 2013-02-16 06:14 -------- d-----w- c:\windows\system32\8DEE~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\Y2991~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\D418~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\006A~1
    2013-02-15 23:21 . 2013-02-15 23:21 -------- d-----w- c:\windows\system32\C5B2~1
    2013-02-15 21:00 . 2013-02-15 21:00 -------- d-----w- c:\windows\system32\9FDA~1
    2013-02-15 17:53 . 2013-02-15 17:53 40507 ------w- c:\program files\Microsoft Games\Age of Empires II\DPLAY61A.EXE
    2013-02-15 12:18 . 2013-02-15 12:18 -------- d-----w- c:\windows\system32\AA4C~1
    2013-02-15 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 21:47 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 21:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-14 21:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 21:47 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 21:47 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-14 21:47 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-14 16:34 . 2013-02-14 16:34 -------- d-----w- c:\windows\system32\EAB3~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\8697~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\4A80~1
    2013-02-14 04:45 . 2013-02-14 04:45 -------- d-----w- c:\windows\system32\937E~1
    2013-02-13 22:45 . 2013-02-13 22:45 -------- d-----w- c:\windows\system32\71F0~1
    2013-02-13 20:12 . 2013-02-13 20:12 -------- d-----w- c:\windows\system32\1A99~1
    2013-02-13 15:45 . 2013-02-13 15:45 -------- d-----w- c:\windows\system32\7C41~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\'E600~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\5A57~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\3C0F~1
    2013-02-12 18:43 . 2013-02-12 18:43 -------- d-----w- c:\windows\system32\981E~1
    2013-02-12 10:06 . 2013-02-12 10:06 -------- d-----w- c:\windows\system32\F309~1
    2013-02-11 17:54 . 2013-02-11 17:54 -------- d-----w- c:\windows\system32\B7E2~1
    2013-02-09 17:07 . 2013-02-09 17:07 -------- d-----w- c:\windows\system32\1716~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\5B50~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\2A1D~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\#7370~1
    2013-02-09 02:13 . 2013-02-09 02:13 -------- d-----w- c:\windows\system32\5975~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\96DC~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\3D23~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\)E828~1
    2013-02-09 02:02 . 2013-02-09 02:02 -------- d-----w- c:\windows\system32\B2B6~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\6CD1~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\1645~1
    2013-02-09 01:52 . 2013-02-09 01:52 -------- d-----w- c:\windows\system32\2420~1
    2013-02-09 01:20 . 2013-02-09 01:20 -------- d-----w- c:\windows\system32\2D54~1
    2013-02-09 00:17 . 2013-02-09 00:17 -------- d-----w- c:\windows\system32\DC99~1
    2013-02-09 00:05 . 2013-02-09 00:05 -------- d-----w- c:\windows\system32\0811~1
    2013-02-09 00:00 . 2013-02-09 00:00 -------- d-----w- c:\windows\system32\3884~1
    2013-02-08 23:34 . 2013-02-08 23:34 -------- d-----w- c:\windows\system32\8D20~1
    2013-02-08 11:27 . 2013-02-08 11:27 -------- d-----w- c:\users\LD\AppData\Local\FLT
    2013-02-07 05:35 . 2013-02-07 05:35 -------- d-----w- c:\users\LD\AppData\Roaming\The Creative Assembly
    2013-02-07 04:59 . 2013-02-07 04:59 -------- d-----w- c:\program files\OpenAL
    2013-02-07 04:59 . 2013-02-07 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-07 04:59 . 2013-02-07 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-07 04:33 . 2013-02-07 04:52 -------- d-----w- c:\program files\Baldur's Gate - Enhanced Edition
    2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\program files\Microprose
    2013-02-06 18:28 . 2013-02-06 18:28 -------- d-----w- c:\windows\system32\FAC5~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\D5DC~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\2743~1
    2013-02-06 17:46 . 2013-02-06 17:46 -------- d-----w- c:\windows\system32\1C74~1
    2013-02-06 17:05 . 2013-02-06 18:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-02-06 10:49 . 2013-02-06 10:49 -------- d-----w- c:\users\LD\AppData\Roaming\ValuSoft
    2013-02-03 03:45 . 2013-02-03 03:45 -------- d-----w- c:\windows\system32\630C~1
    2013-02-01 01:20 . 2013-02-01 01:20 -------- d-----w- c:\windows\system32\B90F~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\6BCE~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\5C1D~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\%644E~1
    2013-01-30 19:57 . 2013-01-30 19:57 -------- d-----w- c:\windows\system32\BEAF~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\4014~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\13DD~1
    2013-01-28 03:36 . 2013-01-28 03:36 -------- d-----w- c:\windows\system32\1932~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\B92B~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\1078~1
    2013-01-27 05:14 . 2013-01-27 05:14 -------- d-----w- c:\windows\system32\3F81~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\7A40~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\14CC~1
    2013-01-27 05:05 . 2013-01-27 05:05 -------- d-----w- c:\windows\system32\4511~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\DE95~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\4713~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\$AB1C~1
    2013-01-26 21:37 . 2013-01-26 21:37 -------- d-----w- c:\windows\system32\F525~1
    2013-01-26 19:55 . 2013-01-26 19:55 -------- d-----w- c:\windows\system32\CA8A~1
    2013-01-26 02:19 . 2013-01-26 02:19 -------- d-----w- c:\windows\system32\899C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\872C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\7A9B~1
    2013-01-26 02:11 . 2013-01-26 02:11 -------- d-----w- c:\windows\system32\4030~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\AD8A~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\5E72~1
    2013-01-25 20:25 . 2013-01-25 20:25 -------- d-----w- c:\windows\system32\AEDF~1
    2013-01-25 19:50 . 2013-01-25 19:50 -------- d-----w- c:\windows\system32\)0025~1
    2013-01-25 16:32 . 2013-01-25 16:32 -------- d-----w- c:\windows\system32\ADF4~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\FC3E~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\7490~1
    2013-01-25 11:19 . 2013-01-25 11:19 -------- d-----w- c:\windows\system32\2B79~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\A1A4~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\9A56~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\_BA71~1
    2013-01-24 17:56 . 2013-02-02 03:01 -------- d-----w- c:\users\LD\AppData\Roaming\Tropico 4
    2013-01-24 17:53 . 2007-07-20 08:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
    2013-01-24 17:48 . 2013-01-24 17:48 -------- d-----w- c:\program files\Kalypso Media
    2013-01-24 15:24 . 2013-01-24 15:24 -------- d-----w- c:\windows\system32\3AA0~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\9517~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\6198~1
    2013-01-24 11:05 . 2013-01-24 11:05 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-24 10:56 . 2013-01-24 10:56 -------- d-----w- C:\Scenario
    2013-01-21 20:10 . 2013-01-21 20:10 -------- d-----w- c:\users\LD\AppData\Roaming\Microsoft Games
    2013-01-21 19:42 . 2013-01-21 19:42 -------- d-----w- c:\windows\system32\3883~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\9352~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\29D9~1
    2013-01-20 23:10 . 2013-01-20 23:10 -------- d-----w- c:\windows\system32\FA07~1
    2013-01-20 23:08 . 2000-06-26 19:57 202240 ----a-w- c:\windows\system32\ir32c30d.rra
    2013-01-20 23:08 . 2000-06-23 22:06 192000 ----a-w- c:\windows\system32\iac2c3d8.rra
    2013-01-20 23:08 . 2000-06-23 22:05 136704 ----a-w- c:\windows\system32\iacenc.dll
    2013-01-20 23:08 . 2000-06-23 18:36 745984 ----a-w- c:\windows\system32\ir50c3f7.rra
    2013-01-20 23:08 . 2000-06-23 02:11 145408 ----a-w- c:\windows\system32\Ivfsc4e1.rra
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-17 18:44 . 2012-06-04 04:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-17 18:44 . 2012-06-04 04:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-15 12:04 . 2012-08-29 14:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-17 01:44 . 2013-01-17 01:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-01-05 19:22 . 2013-01-05 19:22 44144 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-15 00:49 . 2012-11-09 20:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26 . 2013-01-09 18:38 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 18:38 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 10:46 . 2013-01-09 18:38 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 10:46 . 2013-01-09 18:38 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 10:46 . 2013-01-09 18:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 18:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 18:38 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 18:38 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 10:46 . 2013-01-09 18:38 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 55296 ----a-w- c:\windows\system32\cero.rs
    2012-11-30 04:47 . 2013-01-09 18:37 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 02:55 . 2013-01-09 18:37 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38 . 2013-01-09 18:37 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:48 . 2013-01-14 20:26 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45 . 2013-01-09 18:38 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-02-06 04:16 . 2013-02-06 04:15 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\DeleteOnReboot.bat ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 115
    Created time: 2013-02-18 16:51
    Modified time: 2013-02-18 16:51
    MD5: ACE9A9DDA4DA4D15F16EB65C257DDCE5
    SHA1: D4FDEEF767CDF9819EAA6FD3E7BEDCD04CB3EB8B
    .
    ---- Directory of c:\windows\system32\#7370~1 ----
    .
    .
    ---- Directory of c:\windows\system32\$AB1C~1 ----
    .
    .
    ---- Directory of c:\windows\system32\%644E~1 ----
    .
    .
    ---- Directory of c:\windows\system32\02FD~1 ----
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{DF9B4417-4C12-4823-9C1B-E50C270C3626}"
    [HKEY_CLASSES_ROOT\CLSID\{DF9B4417-4C12-4823-9C1B-E50C270C3626}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-12 2456576]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
    "Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-02-02 1051264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Users^LD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\LD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-05-10 04:15 116648 ----atw- c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\LD\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-05-25 11:25 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    2012-08-20 23:13 27040888 ----a-w- c:\program files\ooVoo\ooVoo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
    2011-09-09 11:37 247016 ----a-w- c:\program files\CyberLink\YouCam\YouCamService.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    .
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [x]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
    S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgldx86
    *Deregistered* - Avglogx
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 18:44]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000Core.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000UA.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    FF - ProfilePath - c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - ExtSQL: 2013-02-06 10:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{5FF49FE8-B332-4CB9-B102-FB6951629E55}"=hex:51,66,7a,6c,4c,1d,38,12,86,9c,e7,
    5b,00,fd,d7,09,ce,14,b8,29,54,3c,da,41
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a6,8f,d9,d7,ea,0d,ce,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5848)
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    .
    Completion time: 2013-02-18 12:32:03
    ComboFix-quarantined-files.txt 2013-02-18 20:32
    ComboFix2.txt 2013-02-18 18:09
    .
    Pre-Run: 87,941,742,592 bytes free
    Post-Run: 87,897,821,184 bytes free
    .
    - - End Of File - - DB337F1CBE576361CFE0E89340BC46C0





    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.18.10

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    LD :: LD-PC [administrator]

    2/18/2013 12:33:00 PM
    mbam-log-2013-02-18 (12-33-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205273
    Time elapsed: 4 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    Folder::
    c:\windows\system32\*~1
    File::
    c:\windows\DeleteOnReboot.bat
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 right click on IE shortcut and run as admin

    Go to the Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • Wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete:

    If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close program
    • Report to me that nothing was found

    If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close program
    • Copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Let me see those logs...

    Kevin..
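The `Folder::` line in Kevin's CFScript targets the short-name style directories (`EAB3~1`, `#7370~1` and so on) that ComboFix listed under system32. As an added example, not from the thread, from ComboFix or from any tool Kevin names, the following PowerShell inventories those directories before anything removes them, recording creation time, the long name and the 8.3 alias, and a SHA-1 of every file inside, so there is a record of what the cleanup script is about to delete. It assumes PowerShell 2.0 as shipped with Windows 7 (so no `-Directory` switch and no `Get-FileHash`), an elevated prompt, and it writes to a CSV file on the desktop whose name is an assumption of mine.

```powershell
# Added example, not part of the thread or of ComboFix: inventory the "*~1"
# directories under System32 that ComboFix listed, so there is a record of what
# the CFScript "Folder::" line is about to remove. Written for PowerShell 2.0
# (the version shipped with Windows 7); run from an elevated PowerShell prompt.
$root = Join-Path $env:SystemRoot 'System32'
$fso  = New-Object -ComObject Scripting.FileSystemObject
$sha1 = [System.Security.Cryptography.SHA1]::Create()

function Get-Sha1Hex([string]$path) {
    # Hash a file by streaming it, so large files are not read into memory.
    $stream = [System.IO.File]::OpenRead($path)
    try {
        $bytes = $sha1.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

# The -Filter pattern is evaluated by the file system, so it matches a
# directory by either its long name or its generated 8.3 short name; the
# names ComboFix printed (EAB3~1, #7370~1, ...) are of the short-name form.
$report = Get-ChildItem -Path $root -Filter '*~1' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $dir   = $_
        $files = @(Get-ChildItem -Path $dir.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer })
        New-Object PSObject -Property @{
            ShortName = $fso.GetFolder($dir.FullName).ShortName
            LongName  = $dir.Name
            Created   = $dir.CreationTime
            FileCount = $files.Count
            Files     = ($files | ForEach-Object {
                            '{0} {1}' -f (Get-Sha1Hex $_.FullName), $_.FullName
                        }) -join '; '
        }
    } | Sort-Object Created -Descending

# Keep a copy beside the other logs (file name is an assumption), then show it.
$report | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\system32-tilde-dirs.csv') -NoTypeInformation
$report | Format-Table ShortName, LongName, Created, FileCount -AutoSize
```

The CSV is worth keeping with the ComboFix logs: ComboFix's own "Look" section above only shows that a handful of these directories were empty, and once the `Folder::` line has run there is nothing left to hash or to submit for a second opinion.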
     
  9. Rocbeats

    Rocbeats Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    6
    Ok sir, once again complete on tasks. Starting with the checkup log, then the ESET scan, followed by the combo.


    Results of screen317's Security Check version 0.99.58
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    AVG PC TuneUp Language Pack (en-US)
    CCleaner
    JavaFX 2.1.1
    Java 7 Update 9
    Java version out of Date!
    Adobe Flash Player 11.6.602.168
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox (18.0.2)
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    The 2 threats found from the scan:

    C:\Users\LD\Downloads\Programs\Daemon Tools Lite 4.46.1.0327.exe Win32/OpenCandy application
    C:\Users\LD\Downloads\Programs\Games\Angry Birds\angry.birds.all-patch.offline.v1.3.exe a variant of Win32/HackTool.Patcher.AD application




    ComboFix 13-02-18.02 - LD 02/18/2013 13:36:12.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1919 [GMT -8:00]
    Running from: c:\users\LD\Desktop\ComboFix.exe
    Command switches used :: c:\users\LD\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\DeleteOnReboot.bat"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\DeleteOnReboot.bat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-18 21:47 . 2013-02-18 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-18 16:53 . 2013-02-18 16:53 -------- d-----w- c:\windows\system32\BBE9~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\711D~1
    2013-02-18 16:51 . 2013-02-18 16:51 -------- d-----w- c:\windows\system32\2452~1
    2013-02-18 15:15 . 2013-02-18 15:15 -------- d-----w- c:\users\Default\AppData\Local\visi_coupon
    2013-02-16 20:26 . 2013-02-16 20:26 -------- d-----w- c:\windows\system32\668F~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\421B~1
    2013-02-16 18:53 . 2013-02-16 18:53 -------- d-----w- c:\windows\system32\3FAD~1
    2013-02-16 06:14 . 2013-02-16 06:14 -------- d-----w- c:\windows\system32\8DEE~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\Y2991~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\D418~1
    2013-02-16 01:06 . 2013-02-16 01:06 -------- d-----w- c:\windows\system32\006A~1
    2013-02-15 23:21 . 2013-02-15 23:21 -------- d-----w- c:\windows\system32\C5B2~1
    2013-02-15 21:00 . 2013-02-15 21:00 -------- d-----w- c:\windows\system32\9FDA~1
    2013-02-15 17:53 . 2013-02-15 17:53 40507 ------w- c:\program files\Microsoft Games\Age of Empires II\DPLAY61A.EXE
    2013-02-15 12:18 . 2013-02-15 12:18 -------- d-----w- c:\windows\system32\AA4C~1
    2013-02-15 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 21:47 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 21:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-14 21:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 21:47 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 21:47 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-14 21:47 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-14 16:34 . 2013-02-14 16:34 -------- d-----w- c:\windows\system32\EAB3~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\8697~1
    2013-02-14 16:33 . 2013-02-14 16:33 -------- d-----w- c:\windows\system32\4A80~1
    2013-02-14 04:45 . 2013-02-14 04:45 -------- d-----w- c:\windows\system32\937E~1
    2013-02-13 22:45 . 2013-02-13 22:45 -------- d-----w- c:\windows\system32\71F0~1
    2013-02-13 20:12 . 2013-02-13 20:12 -------- d-----w- c:\windows\system32\1A99~1
    2013-02-13 15:45 . 2013-02-13 15:45 -------- d-----w- c:\windows\system32\7C41~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\'E600~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\5A57~1
    2013-02-13 15:44 . 2013-02-13 15:44 -------- d-----w- c:\windows\system32\3C0F~1
    2013-02-12 18:43 . 2013-02-12 18:43 -------- d-----w- c:\windows\system32\981E~1
    2013-02-12 10:06 . 2013-02-12 10:06 -------- d-----w- c:\windows\system32\F309~1
    2013-02-11 17:54 . 2013-02-11 17:54 -------- d-----w- c:\windows\system32\B7E2~1
    2013-02-09 17:07 . 2013-02-09 17:07 -------- d-----w- c:\windows\system32\1716~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\5B50~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\2A1D~1
    2013-02-09 17:06 . 2013-02-09 17:06 -------- d-----w- c:\windows\system32\#7370~1
    2013-02-09 02:13 . 2013-02-09 02:13 -------- d-----w- c:\windows\system32\5975~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\96DC~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\3D23~1
    2013-02-09 02:09 . 2013-02-09 02:09 -------- d-----w- c:\windows\system32\)E828~1
    2013-02-09 02:02 . 2013-02-09 02:02 -------- d-----w- c:\windows\system32\B2B6~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\6CD1~1
    2013-02-09 02:00 . 2013-02-09 02:00 -------- d-----w- c:\windows\system32\1645~1
    2013-02-09 01:52 . 2013-02-09 01:52 -------- d-----w- c:\windows\system32\2420~1
    2013-02-09 01:20 . 2013-02-09 01:20 -------- d-----w- c:\windows\system32\2D54~1
    2013-02-09 00:17 . 2013-02-09 00:17 -------- d-----w- c:\windows\system32\DC99~1
    2013-02-09 00:05 . 2013-02-09 00:05 -------- d-----w- c:\windows\system32\0811~1
    2013-02-09 00:00 . 2013-02-09 00:00 -------- d-----w- c:\windows\system32\3884~1
    2013-02-08 23:34 . 2013-02-08 23:34 -------- d-----w- c:\windows\system32\8D20~1
    2013-02-08 11:27 . 2013-02-08 11:27 -------- d-----w- c:\users\LD\AppData\Local\FLT
    2013-02-07 05:35 . 2013-02-07 05:35 -------- d-----w- c:\users\LD\AppData\Roaming\The Creative Assembly
    2013-02-07 04:59 . 2013-02-07 04:59 -------- d-----w- c:\program files\OpenAL
    2013-02-07 04:59 . 2013-02-07 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-07 04:59 . 2013-02-07 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-07 04:33 . 2013-02-07 04:52 -------- d-----w- c:\program files\Baldur's Gate - Enhanced Edition
    2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\program files\Microprose
    2013-02-06 18:28 . 2013-02-06 18:28 -------- d-----w- c:\windows\system32\FAC5~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\D5DC~1
    2013-02-06 18:26 . 2013-02-06 18:26 -------- d-----w- c:\windows\system32\2743~1
    2013-02-06 17:46 . 2013-02-06 17:46 -------- d-----w- c:\windows\system32\1C74~1
    2013-02-06 17:05 . 2013-02-06 18:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-02-06 10:49 . 2013-02-06 10:49 -------- d-----w- c:\users\LD\AppData\Roaming\ValuSoft
    2013-02-03 03:45 . 2013-02-03 03:45 -------- d-----w- c:\windows\system32\630C~1
    2013-02-01 01:20 . 2013-02-01 01:20 -------- d-----w- c:\windows\system32\B90F~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\6BCE~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\5C1D~1
    2013-02-01 01:16 . 2013-02-01 01:16 -------- d-----w- c:\windows\system32\%644E~1
    2013-01-30 19:57 . 2013-01-30 19:57 -------- d-----w- c:\windows\system32\BEAF~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\4014~1
    2013-01-30 19:55 . 2013-01-30 19:55 -------- d-----w- c:\windows\system32\13DD~1
    2013-01-28 03:36 . 2013-01-28 03:36 -------- d-----w- c:\windows\system32\1932~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\B92B~1
    2013-01-27 23:48 . 2013-01-27 23:48 -------- d-----w- c:\windows\system32\1078~1
    2013-01-27 05:14 . 2013-01-27 05:14 -------- d-----w- c:\windows\system32\3F81~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\7A40~1
    2013-01-27 05:10 . 2013-01-27 05:10 -------- d-----w- c:\windows\system32\14CC~1
    2013-01-27 05:05 . 2013-01-27 05:05 -------- d-----w- c:\windows\system32\4511~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\DE95~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\4713~1
    2013-01-27 03:34 . 2013-01-27 03:34 -------- d-----w- c:\windows\system32\$AB1C~1
    2013-01-26 21:37 . 2013-01-26 21:37 -------- d-----w- c:\windows\system32\F525~1
    2013-01-26 19:55 . 2013-01-26 19:55 -------- d-----w- c:\windows\system32\CA8A~1
    2013-01-26 02:19 . 2013-01-26 02:19 -------- d-----w- c:\windows\system32\899C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\872C~1
    2013-01-26 02:14 . 2013-01-26 02:14 -------- d-----w- c:\windows\system32\7A9B~1
    2013-01-26 02:11 . 2013-01-26 02:11 -------- d-----w- c:\windows\system32\4030~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\AD8A~1
    2013-01-26 01:13 . 2013-01-26 01:13 -------- d-----w- c:\windows\system32\5E72~1
    2013-01-25 20:25 . 2013-01-25 20:25 -------- d-----w- c:\windows\system32\AEDF~1
    2013-01-25 19:50 . 2013-01-25 19:50 -------- d-----w- c:\windows\system32\)0025~1
    2013-01-25 16:32 . 2013-01-25 16:32 -------- d-----w- c:\windows\system32\ADF4~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\FC3E~1
    2013-01-25 13:04 . 2013-01-25 13:04 -------- d-----w- c:\windows\system32\7490~1
    2013-01-25 11:19 . 2013-01-25 11:19 -------- d-----w- c:\windows\system32\2B79~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\A1A4~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\9A56~1
    2013-01-25 11:17 . 2013-01-25 11:17 -------- d-----w- c:\windows\system32\_BA71~1
    2013-01-24 17:56 . 2013-02-02 03:01 -------- d-----w- c:\users\LD\AppData\Roaming\Tropico 4
    2013-01-24 17:53 . 2007-07-20 08:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
    2013-01-24 17:48 . 2013-01-24 17:48 -------- d-----w- c:\program files\Kalypso Media
    2013-01-24 15:24 . 2013-01-24 15:24 -------- d-----w- c:\windows\system32\3AA0~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\9517~1
    2013-01-24 15:22 . 2013-01-24 15:22 -------- d-----w- c:\windows\system32\6198~1
    2013-01-24 11:05 . 2013-01-24 11:05 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-24 10:56 . 2013-01-24 10:56 -------- d-----w- C:\Scenario
    2013-01-21 20:10 . 2013-01-21 20:10 -------- d-----w- c:\users\LD\AppData\Roaming\Microsoft Games
    2013-01-21 19:42 . 2013-01-21 19:42 -------- d-----w- c:\windows\system32\3883~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\9352~1
    2013-01-21 19:23 . 2013-01-21 19:23 -------- d-----w- c:\windows\system32\29D9~1
    2013-01-20 23:10 . 2013-01-20 23:10 -------- d-----w- c:\windows\system32\FA07~1
    2013-01-20 23:08 . 2000-06-26 19:57 202240 ----a-w- c:\windows\system32\ir32c30d.rra
    2013-01-20 23:08 . 2000-06-23 22:06 192000 ----a-w- c:\windows\system32\iac2c3d8.rra
    2013-01-20 23:08 . 2000-06-23 22:05 136704 ----a-w- c:\windows\system32\iacenc.dll
    2013-01-20 23:08 . 2000-06-23 18:36 745984 ----a-w- c:\windows\system32\ir50c3f7.rra
    2013-01-20 23:08 . 2000-06-23 02:11 145408 ----a-w- c:\windows\system32\Ivfsc4e1.rra
    2013-01-20 23:08 . 2000-06-22 21:49 842240 ----a-w- c:\windows\system32\ir41c204.rra
    2013-01-20 23:08 . 2000-06-22 21:09 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
    2013-01-20 18:46 . 2013-01-30 23:30 -------- d-----w- c:\program files\Common Files\InstallShield
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-18 20:57 . 2012-08-29 14:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-17 18:44 . 2012-06-04 04:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-17 18:44 . 2012-06-04 04:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 01:44 . 2013-01-17 01:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-01-05 19:22 . 2013-01-05 19:22 44144 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-15 00:49 . 2012-11-09 20:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26 . 2013-01-09 18:38 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 18:38 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 10:46 . 2013-01-09 18:38 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 10:46 . 2013-01-09 18:38 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 10:46 . 2013-01-09 18:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 18:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 18:38 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 18:38 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 10:46 . 2013-01-09 18:38 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 55296 ----a-w- c:\windows\system32\cero.rs
    2012-11-30 04:47 . 2013-01-09 18:37 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 02:55 . 2013-01-09 18:37 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38 . 2013-01-09 18:37 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-09 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:48 . 2013-01-14 20:26 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45 . 2013-01-09 18:38 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-02-06 04:16 . 2013-02-06 04:15 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{DF9B4417-4C12-4823-9C1B-E50C270C3626}"
    [HKEY_CLASSES_ROOT\CLSID\{DF9B4417-4C12-4823-9C1B-E50C270C3626}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-12 2456576]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
    "Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-02-02 1051264]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-18 1151152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Users^LD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\LD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-05-10 04:15 116648 ----atw- c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\LD\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-05-25 11:25 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    2012-08-20 23:13 27040888 ----a-w- c:\program files\ooVoo\ooVoo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
    2011-09-09 11:37 247016 ----a-w- c:\program files\CyberLink\YouCam\YouCamService.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
    S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [x]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AVGLDX86
    *NewlyCreated* - AVGLOGX
    *NewlyCreated* - AVGMFX86
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 18:44]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000Core.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000UA.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={67BA2F65-2EDB-4E8E-9C9F-68402F081C75}&mid=1b7b2a4ac7fc47d09cf2b1a22fbc1606-c308dba8ee0d8461f49e9e935a206fbcb1eb4517&lang=en&ds=AVG&pr=fr&d=2013-02-18 12:58&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
    FF - ExtSQL: 2013-02-06 10:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-02-18 12:58; [email protected]; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a6,8f,d9,d7,ea,0d,ce,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-18 13:55:00
    ComboFix-quarantined-files.txt 2013-02-18 21:54
    ComboFix2.txt 2013-02-18 20:32
    ComboFix3.txt 2013-02-18 18:09
    .
    Pre-Run: 87,237,951,488 bytes free
    Post-Run: 87,238,221,824 bytes free
    .
    - - End Of File - - 08EB7F2CC83DA12FDF77C0D9175D83AD
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    OK, do the following:

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    File::
    C:\Users\LD\Downloads\Programs\Games\Angry Birds\angry.birds.all-patch.offline.v1.3.exe
    c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll
    Folder::
    c:\windows\system32\FA07~1
    c:\windows\system32\3883~1
    c:\windows\system32\9352~1
    c:\windows\system32\29D9~1
    c:\windows\system32\3AA0~1
    c:\windows\system32\9517~1
    c:\windows\system32\6198~1
    c:\windows\system32\630C~1
    c:\windows\system32\B90F~1
    c:\windows\system32\6BCE~1
    c:\windows\system32\5C1D~1
    c:\windows\system32\%644E~1
    c:\windows\system32\BEAF~1
    c:\windows\system32\4014~1
    c:\windows\system32\13DD~1
    c:\windows\system32\1932~1
    c:\windows\system32\B92B~1
    c:\windows\system32\1078~1
    c:\windows\system32\3F81~1
    c:\windows\system32\7A40~1
    c:\windows\system32\14CC~1
    c:\windows\system32\4511~1
    c:\windows\system32\DE95~1
    c:\windows\system32\4713~1
    c:\windows\system32\$AB1C~1
    c:\windows\system32\F525~1
    c:\windows\system32\CA8A~1
    c:\windows\system32\899C~1
    c:\windows\system32\872C~1
    c:\windows\system32\7A9B~1
    c:\windows\system32\4030~1
    c:\windows\system32\AD8A~1
    c:\windows\system32\5E72~1
    c:\windows\system32\AEDF~1
    c:\windows\system32\)0025~1
    c:\windows\system32\ADF4~1
    c:\windows\system32\FC3E~1
    c:\windows\system32\7490~1
    c:\windows\system32\2B79~1
    c:\windows\system32\A1A4~1
    c:\windows\system32\9A56~1
    c:\windows\system32\_BA71~1
    c:\windows\system32\FAC5~1
    c:\windows\system32\D5DC~1
    c:\windows\system32\2743~1
    c:\windows\system32\1C74~1
    c:\windows\system32\EAB3~1
    c:\windows\system32\8697~1
    c:\windows\system32\4A80~1
    c:\windows\system32\937E~1
    c:\windows\system32\71F0~1
    c:\windows\system32\1A99~1
    c:\windows\system32\7C41~1
    c:\windows\system32\'E600~1
    c:\windows\system32\5A57~1
    c:\windows\system32\3C0F~1
    c:\windows\system32\981E~1
    c:\windows\system32\F309~1
    c:\windows\system32\B7E2~1
    c:\windows\system32\1716~1
    c:\windows\system32\5B50~1
    c:\windows\system32\2A1D~1
    c:\windows\system32\#7370~1
    c:\windows\system32\5975~1
    c:\windows\system32\96DC~1
    c:\windows\system32\3D23~1
    c:\windows\system32\)E828~1
    c:\windows\system32\B2B6~1
    c:\windows\system32\6CD1~1
    c:\windows\system32\1645~1
    c:\windows\system32\2420~1
    c:\windows\system32\2D54~1
    c:\windows\system32\DC99~1
    c:\windows\system32\0811~1
    c:\windows\system32\3884~1
    c:\windows\system32\8D20~1
    c:\windows\system32\668F~1
    c:\windows\system32\421B~1
    c:\windows\system32\3FAD~1
    c:\windows\system32\8DEE~1
    c:\windows\system32\Y2991~1
    c:\windows\system32\D418~1
    c:\windows\system32\006A~1
    c:\windows\system32\C5B2~1
    c:\windows\system32\9FDA~1
    c:\windows\system32\BBE9~1
    c:\windows\system32\711D~1
    c:\windows\system32\2452~1
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    Registry::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=-
    [-HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [-HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [-HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for McAfee security scanner if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Start > Control Panel > Uninstall a Program > make sure all old versions of Java are removed.

    Post log from Combofix, also let me know if there are any remaining issues or concerns.

    Kevin
     
  11. Rocbeats

    Rocbeats Thread Starter

    Joined:
    Feb 14, 2013
    Messages:
    6
    Mr Kev, hello, hello, I have been away for some time but I have what you asked for........the....."LOG".. Call it my wishful/hopeful thinking that after I ran that last scan I noticed a difference in a few things (looks wise) which made me believe that it was all for the good and a good status is the outcome. I also updated the programs but it seems this Java version I have is unstable so I clicked it to disable. Shall I keep it this way or no? Here is the log


    ComboFix 13-02-26.01 - LD 02/28/2013 21:13:22.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1842 [GMT -8:00]
    Running from: c:\users\LD\Desktop\ComboFix.exe
    Command switches used :: c:\users\LD\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll"
    "c:\users\LD\Downloads\Programs\Games\Angry Birds\angry.birds.all-patch.offline.v1.3.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\'E600~1
    c:\windows\system32\#7370~1
    c:\windows\system32\$AB1C~1
    c:\windows\system32\%644E~1
    c:\windows\system32\)0025~1
    c:\windows\system32\)E828~1
    c:\windows\system32\_BA71~1
    c:\windows\system32\006A~1
    c:\windows\system32\0811~1
    c:\windows\system32\1078~1
    c:\windows\system32\13DD~1
    c:\windows\system32\14CC~1
    c:\windows\system32\1645~1
    c:\windows\system32\1716~1
    c:\windows\system32\1A99~1
    c:\windows\system32\1C74~1
    c:\windows\system32\2420~1
    c:\windows\system32\2452~1
    c:\windows\system32\2743~1
    c:\windows\system32\2743~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\29D9~1
    c:\windows\system32\2A1D~1
    c:\windows\system32\2A1D~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\2B79~1
    c:\windows\system32\2D54~1
    c:\windows\system32\3883~1
    c:\windows\system32\3884~1
    c:\windows\system32\3AA0~1
    c:\windows\system32\3C0F~1
    c:\windows\system32\3C0F~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\3D23~1
    c:\windows\system32\3F81~1
    c:\windows\system32\3FAD~1
    c:\windows\system32\3FAD~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\4014~1
    c:\windows\system32\4014~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\4030~1
    c:\windows\system32\421B~1
    c:\windows\system32\4511~1
    c:\windows\system32\4713~1
    c:\windows\system32\4A80~1
    c:\windows\system32\5975~1
    c:\windows\system32\5A57~1
    c:\windows\system32\5B50~1
    c:\windows\system32\5C1D~1
    c:\windows\system32\5E72~1
    c:\windows\system32\5E72~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\6198~1
    c:\windows\system32\6198~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\630C~1
    c:\windows\system32\668F~1
    c:\windows\system32\6BCE~1
    c:\windows\system32\6BCE~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\6CD1~1
    c:\windows\system32\711D~1
    c:\windows\system32\711D~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\71F0~1
    c:\windows\system32\7490~1
    c:\windows\system32\7490~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\7A40~1
    c:\windows\system32\7A40~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\7A9B~1
    c:\windows\system32\7A9B~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\7C41~1
    c:\windows\system32\8697~1
    c:\windows\system32\8697~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\872C~1
    c:\windows\system32\899C~1
    c:\windows\system32\8D20~1
    c:\windows\system32\8DEE~1
    c:\windows\system32\9352~1
    c:\windows\system32\9352~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\937E~1
    c:\windows\system32\9517~1
    c:\windows\system32\96DC~1
    c:\windows\system32\981E~1
    c:\windows\system32\9A56~1
    c:\windows\system32\9A56~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\9FDA~1
    c:\windows\system32\A1A4~1
    c:\windows\system32\AD8A~1
    c:\windows\system32\ADF4~1
    c:\windows\system32\AEDF~1
    c:\windows\system32\B2B6~1
    c:\windows\system32\B7E2~1
    c:\windows\system32\B90F~1
    c:\windows\system32\B92B~1
    c:\windows\system32\B92B~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\BBE9~1
    c:\windows\system32\BEAF~1
    c:\windows\system32\C5B2~1
    c:\windows\system32\CA8A~1
    c:\windows\system32\D418~1
    c:\windows\system32\D418~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\D5DC~1
    c:\windows\system32\DC99~1
    c:\windows\system32\DE95~1
    c:\windows\system32\DE95~1\Genie-Soft\GenieTimeLine\Jobs\{F4298088-7F22-4808-98AC-50A36B17C7A9}\BackupRunSettings.xml
    c:\windows\system32\EAB3~1
    c:\windows\system32\F309~1
    c:\windows\system32\F525~1
    c:\windows\system32\FA07~1
    c:\windows\system32\FAC5~1
    c:\windows\system32\FC3E~1
    c:\windows\system32\Y2991~1
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-01 to 2013-03-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-01 05:25 . 2013-03-01 05:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-03-01 05:25 . 2013-03-01 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-27 20:05 . 2013-02-27 20:05 -------- d-----w- c:\windows\system32\C65B~1
    2013-02-27 19:59 . 2013-02-27 19:59 -------- d-----w- c:\windows\system32\1A9A~1
    2013-02-27 05:17 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-02-27 05:17 . 2013-01-13 19:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-02-25 18:15 . 2013-02-25 18:15 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-25 18:15 . 2013-02-25 18:15 -------- d-----w- c:\program files\Java
    2013-02-23 03:06 . 2013-02-23 03:06 -------- d-----w- c:\windows\system32\EDBA~1
    2013-02-23 02:59 . 2013-02-23 02:59 -------- d-----w- c:\windows\system32\PPP~1
    2013-02-20 11:12 . 2013-02-20 11:12 -------- d-----w- c:\windows\system32\3AE1~1
    2013-02-20 11:08 . 2013-02-20 11:08 -------- d-----w- c:\windows\system32\1E90~1
    2013-02-20 11:07 . 2013-02-20 11:07 -------- d-----w- c:\windows\system32\ECA7~1
    2013-02-20 11:07 . 2013-02-20 11:07 -------- d-----w- c:\windows\system32\7C96~1
    2013-02-20 11:07 . 2013-02-20 11:07 -------- d-----w- c:\windows\system32\%AC8B~1
    2013-02-20 00:12 . 2013-02-20 00:12 -------- d-----w- c:\windows\system32\D5DC~2
    2013-02-20 00:09 . 2013-02-20 00:09 -------- d-----w- c:\windows\system32\3239~1
    2013-02-20 00:09 . 2013-02-20 00:09 -------- d-----w- c:\windows\system32\2540~1
    2013-02-20 00:09 . 2013-02-20 00:09 -------- d-----w- c:\windows\system32\1%DB7C~1
    2013-02-19 01:14 . 2013-02-19 01:14 -------- d-----w- c:\program files\BitTorrent
    2013-02-19 00:06 . 2013-02-19 00:06 -------- d-----w- c:\windows\system32\776F~1
    2013-02-19 00:05 . 2013-02-19 00:05 -------- d-----w- c:\windows\system32\FDE7~1
    2013-02-19 00:05 . 2013-02-19 00:05 -------- d-----w- c:\windows\system32\DC96~1
    2013-02-18 20:59 . 2013-02-18 20:59 -------- d-----w- c:\users\LD\AppData\Local\AVG SafeGuard toolbar
    2013-02-18 20:58 . 2013-02-18 20:58 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
    2013-02-18 20:58 . 2013-02-18 20:58 -------- d-----w- c:\program files\AVG SafeGuard toolbar
    2013-02-18 20:50 . 2013-02-18 20:50 -------- d-----w- c:\windows\system32\4B4E~1
    2013-02-18 20:49 . 2013-02-18 20:49 -------- d-----w- c:\windows\system32\B14C~1
    2013-02-18 20:49 . 2013-02-18 20:49 -------- d-----w- c:\windows\system32\1197~1
    2013-02-18 17:31 . 2013-02-18 17:31 -------- d-----w- c:\windows\system32\02FD~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\662E~1
    2013-02-18 17:30 . 2013-02-18 17:30 -------- d-----w- c:\windows\system32\04FD~1
    2013-02-18 17:20 . 2013-03-01 05:25 -------- d-----w- c:\users\LD\AppData\Local\temp
    2013-02-18 15:15 . 2013-02-18 15:15 -------- d-----w- c:\users\Default\AppData\Local\visi_coupon
    2013-02-15 17:53 . 2013-02-15 17:53 40507 ------w- c:\program files\Microsoft Games\Age of Empires II\DPLAY61A.EXE
    2013-02-15 12:18 . 2013-02-15 12:18 -------- d-----w- c:\windows\system32\AA4C~1
    2013-02-15 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 21:47 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 21:47 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-14 21:47 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 21:47 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 21:47 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-14 21:47 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-08 11:27 . 2013-02-08 11:27 -------- d-----w- c:\users\LD\AppData\Local\FLT
    2013-02-07 05:35 . 2013-02-07 05:35 -------- d-----w- c:\users\LD\AppData\Roaming\The Creative Assembly
    2013-02-07 04:59 . 2013-02-07 04:59 -------- d-----w- c:\program files\OpenAL
    2013-02-07 04:59 . 2013-02-07 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-07 04:59 . 2013-02-07 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-07 04:33 . 2013-02-07 04:52 -------- d-----w- c:\program files\Baldur's Gate - Enhanced Edition
    2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\program files\Microprose
    2013-02-06 17:05 . 2013-02-06 18:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-02-06 10:49 . 2013-02-06 10:49 -------- d-----w- c:\users\LD\AppData\Roaming\ValuSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-28 19:15 . 2012-06-04 04:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-28 19:15 . 2012-06-04 04:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-25 18:15 . 2012-07-19 21:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-25 18:15 . 2012-07-19 21:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-18 20:57 . 2012-08-29 14:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-17 01:44 . 2013-01-17 01:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-01-05 19:22 . 2013-01-05 19:22 44144 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-15 00:49 . 2012-11-09 20:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26 . 2013-01-09 18:38 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 18:38 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 10:46 . 2013-01-09 18:38 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 10:46 . 2013-01-09 18:38 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 10:46 . 2013-01-09 18:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 18:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 18:38 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 10:46 . 2013-01-09 18:38 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 18:38 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 10:46 . 2013-01-09 18:38 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 18:38 55296 ----a-w- c:\windows\system32\cero.rs
    2013-02-28 18:56 . 2013-02-28 18:56 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{DF9B4417-4C12-4823-9C1B-E50C270C3626}"
    [HKEY_CLASSES_ROOT\CLSID\{DF9B4417-4C12-4823-9C1B-E50C270C3626}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-03 02:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-12 2456576]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
    "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2013-02-19 6379888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
    "Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-02-02 1051264]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-18 1151152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Users^LD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\LD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-05-10 04:15 116648 ----atw- c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\LD\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-05-25 11:25 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    2012-08-20 23:13 27040888 ----a-w- c:\program files\ooVoo\ooVoo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
    2011-09-09 11:37 247016 ----a-w- c:\program files\CyberLink\YouCam\YouCamService.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
    S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [x]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 19:15]
    .
    2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000Core.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    2013-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098961114-2498786294-426334595-1000UA.job
    - c:\users\LD\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 04:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={67BA2F65-2EDB-4E8E-9C9F-68402F081C75}&mid=1b7b2a4ac7fc47d09cf2b1a22fbc1606-c308dba8ee0d8461f49e9e935a206fbcb1eb4517&lang=en&ds=AVG&pr=fr&d=2013-02-18 12:58&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
    FF - ExtSQL: 2013-02-06 10:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\LD\AppData\Roaming\Mozilla\Firefox\Profiles\xejnmnln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-02-18 12:58; [email protected]; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a6,8f,d9,d7,ea,0d,ce,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-28 21:28:05
    ComboFix-quarantined-files.txt 2013-03-01 05:28
    ComboFix2.txt 2013-02-18 21:55
    ComboFix3.txt 2013-02-18 20:32
    ComboFix4.txt 2013-02-18 18:09
    .
    Pre-Run: 75,209,269,248 bytes free
    Post-Run: 75,194,777,600 bytes free
    .
    - - End Of File - - 4BDD0D8AFE5E8AC76B1DCA78FD9E297A
     
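Before moving on to the cleanup steps, it is worth confirming that every File::/Folder:: target in the CFScript actually appears in the log's "FILE ::" and "Other Deletions" blocks, and that no target was silently skipped because of a malformed path. The Python below is an added example for this thread, not a ComboFix tool and not code posted by anyone here; it parses the directive and log layouts exactly as they appear above. The sample script and log are constructed excerpts (the folder name ZZZZ~1 is a placeholder), not the full posted script or log.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote after running it.

Constructed example for this thread, not ComboFix's own code: it reads the
File::/Folder:: directives and the log's "FILE ::" and "Other Deletions"
blocks and reports what the log does, and does not, confirm as removed.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # directive header, e.g. "Folder::"
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")      # well-formed "c:\..." path


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Group the lines of a CFScript under their 'Name::' directive headers."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_paths(text: str) -> set[str]:
    """Collect paths listed under the log's 'FILE ::' and 'Other Deletions' blocks."""
    paths: set[str] = set()
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("FILE ::") or "Other Deletions" in line:
            in_block = True                      # start of a block we care about
        elif line.startswith("(((("):
            in_block = False                     # any other banner ends the block
        elif in_block and line not in ("", "."):
            paths.add(line.strip('"').lower())   # FILE :: entries are quoted in the log
    return paths


@dataclass
class CheckResult:
    confirmed: list[str] = field(default_factory=list)    # target seen in the log
    unconfirmed: list[str] = field(default_factory=list)  # requested but not logged
    malformed: list[str] = field(default_factory=list)    # not a drive-letter path


def cross_check(script: str, log: str) -> CheckResult:
    """Classify every File::/Folder:: target of `script` against `log`."""
    sections = parse_cfscript(script)
    logged = parse_log_paths(log)
    result = CheckResult()
    for directive in ("File", "Folder"):
        for target in sections.get(directive, []):
            if not DRIVE_PATH_RE.match(target):
                result.malformed.append(target)
            elif target.lower() in logged:       # Windows paths compare case-insensitively
                result.confirmed.append(target)
            else:
                result.unconfirmed.append(target)
    return result


# Constructed excerpts in the formats used in the thread; ZZZZ~1 is a placeholder.
SAMPLE_SCRIPT = r"""
ClearJavaCache::
File::
c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll
Folder::
c:\windows\system32\FA07~1
c\windows\system32\1932~1
c:\windows\system32\B92B~1
c:\windows\system32\ZZZZ~1
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=-
"""

SAMPLE_LOG = r"""
.
FILE ::
"c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\B92B~1
c:\windows\system32\B92B~1\Genie-Soft\GenieTimeLine\Jobs\BackupRunSettings.xml
c:\windows\system32\FA07~1
.
((((((((((((((((((((((((( Files Created from 2013-02-01 to 2013-03-01 )))))))))))))))))))))))))))))))
.
2013-03-01 05:25 . 2013-03-01 05:25 -------- d-----w- c:\windows\system32\C65B~1
"""

if __name__ == "__main__":
    r = cross_check(SAMPLE_SCRIPT, SAMPLE_LOG)
    for label, items in (("confirmed", r.confirmed),
                         ("NOT confirmed", r.unconfirmed),
                         ("malformed path", r.malformed)):
        print(f"{label}: {len(items)}")
        for item in items:
            print("  " + item)
```

Anything reported as NOT confirmed or malformed is a target to re-examine before the cleanup tools are removed.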
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    OK do the following:

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time; let me know if this does not happen.

    Next,

    Uninstall adwcleaner.exe
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall
    • Click Yes at "Would you like to Uninstall Adwcleaner"

    Next,

    Remove ESET online scanner (Only If installed):

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only reboot if prompted.

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Next,

    Go here http://windows.microsoft.com/en-au/windows-vista/improve-performance-by-defragmenting-your-hard-disk, follow the instructions and defrag your hard drive.

    Let me know if those steps complete OK, and also if there are any remaining issues or concerns...

    Kevin
     
Short URL to this thread: https://techguy.org/1089515
