
C:\Windows\assembly\temp\U, Win32:DNSchanger-VJ [T



#1
ETFoster
Hello helpful gurus,

Avast keeps giving me the warning message C:\Windows\assembly\temp\U, Win32:DNSchanger-VJ [Trj] 80000032.$ over and over again, with a few others that are removed in one scan. This one, however, stays around along with conserv.dll. I've run Malwarebytes and Emsisoft Anti-Malware, with Malwarebytes picking up various random viruses which go away and different ones return, for example:

c:\Users\User\local settings\application data\eei.exe (Trojan.ExeShell.Gen)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager)

etc....

and Emsisoft keeps spamming me with

C:\Windows\assembly\temp\U\80000032.$ (Trojan.Win32.Alureon!E2)
and C:\WINDOWS\ASSEMBLY\GAC_32\DESKTOP.INI (Backdoor.Win32.ZAccess.AMN!E1)

This started mid Nov when I got hit with rogue viruses one after the other, some would fill up my memory with duplicated processes and some wiped out my icons and turned all my files hidden. There were also rootkits that came with whatever I got. I got rid of and fixed all that but I still have the 80000032.$ one which used to be 80000032.@. Dunno what the change means.
My computer now is noticeably slower and sometimes crashes or restarts, not to mention the random generation of different viruses to keep in check.
My Windows Firewall is completely disabled; the drivers for it are messed up or something.
Also, occasionally when I would run a scan with Avast and delete files, I reboot and Windows won't open: missing %hs%, "reinstalling the program might fix this problem". I had to do a system recovery to be able to run Windows.

Thanks ahead of time btw.



I attached an OTL log called extras; I didn't know if that is needed. I couldn't attach the OTL log, it was too big. I'm really sorry it's so big, I don't know why.
The OTL logs are here. I cut off the very end, "LOP Check", because it was really big and was just random file names:
example
[2011/11/10 16:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\a03sRVyoQZeApET
[2011/11/10 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\A0Svo4HWd8ZYkeB
[2011/11/10 16:42:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\A0ucbp4H6KfLgZj
[2011/11/10 16:14:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\A0ucS1bD3nHsJE8

OTL logfile created on: 12/10/2011 1:42:57 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.14 Gb Available Physical Memory | 52.97% Memory free
11.85 Gb Paging File | 8.22 Gb Available in Paging File | 69.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.64 Gb Total Space | 210.66 Gb Free Space | 36.53% Space Free | Partition Type: NTFS
Drive E: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 13:40:47 | 000,302,592 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
PRC - [2011/12/10 13:31:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/12/07 09:27:35 | 003,318,672 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/21 22:13:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/06 21:23:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/04/27 08:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2010/10/01 09:05:55 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/10/01 09:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/09/22 12:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/09/06 14:40:10 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/06/24 18:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/05/17 10:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 15:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/05/03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 09:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/04/19 22:56:28 | 000,060,416 | ---- | M] () -- C:\32788R22FWJFW\NirCmd.3XE
PRC - [2008/12/29 17:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/10 13:40:47 | 000,302,592 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
MOD - [2011/10/24 00:39:50 | 000,071,680 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko6\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011/10/17 18:09:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/17 15:52:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 15:51:57 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/17 15:51:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/17 15:51:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/17 15:51:18 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/17 15:51:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/17 15:50:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/17 15:50:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/17 15:50:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/17 15:50:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/06 21:23:42 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/02 14:53:04 | 000,028,160 | ---- | M] () -- C:\Users\User\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/26 23:01:42 | 000,077,312 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll
MOD - [2011/04/27 08:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2011/04/27 08:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2011/04/27 08:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files (x86)\Vuze\aereg.dll
MOD - [2011/03/15 19:28:30 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/01 05:33:21 | 002,539,440 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\ProductResources.dll
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/01 10:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2010/02/23 14:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 14:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 14:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 14:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009/11/02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/04/19 22:56:28 | 000,060,416 | ---- | M] () -- C:\32788R22FWJFW\NirCmd.3XE
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/07 16:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 16:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/12/17 03:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 17:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 15:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/09 07:24:55 | 002,996,272 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/09/21 22:13:00 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/01 09:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/09/06 14:36:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/09/06 14:36:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/03 04:01:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/10/03 04:01:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/23 20:05:31 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/06/17 13:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/06/17 13:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/05/16 18:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 18:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/03/04 21:19:45 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 03:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 04:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 15:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 04:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/02 10:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/10/07 18:33:10 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2011/03/18 10:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mercury.hend...endrix.edu/OWA/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mercury.hend...ndrix.edu/OWA/"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: flvripper@harsha:1.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "58.246.200.114"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "58.246.200.114"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "58.246.200.114"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "207.36.231.28"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "207.36.231.28"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "207.36.231.28"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "207.36.231.28"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/30 18:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 10:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 10:36:42 | 000,000,000 | ---D | M]

[2010/12/03 19:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/12/03 19:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/10 00:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Screenshot Pimp) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{056d0610-e44d-11df-bccf-0800200c9a66}
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/11 10:35:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\[email protected]
[2011/11/11 10:35:46 | 000,000,000 | ---D | M] ("Karbon") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\flvripper@harsha
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\screencaptureelite@plugin
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\[email protected]
[2011/12/01 21:37:52 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\[email protected]
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\[email protected]
[2011/07/19 09:28:00 | 000,002,365 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\searchplugins\s-amazon.xml
[2011/06/19 00:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 10:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/11 10:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/11 10:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/30 18:25:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
[2011/09/06 21:23:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/27 12:46:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C955B5C-3A61-4740-AAB6-F5A918D4C247}: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA7F630-95C0-4461-BBFD-0F5CB0221D31}: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5FC1BD8-A104-4674-840C-0743DDB249FA}: DhcpNameServer = 216.134.244.11 216.134.224.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0356013-A75E-4D49-8003-544CF90B3A9E}: DhcpNameServer = 10.14.1.1 10.14.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 09:01:16 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0354c564-ec64-11df-abad-20cf305112c4}\Shell - "" = AutoRun
O33 - MountPoints2\{0354c564-ec64-11df-abad-20cf305112c4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{0354c564-ec64-11df-abad-20cf305112c4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{0354c564-ec64-11df-abad-20cf305112c4}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\{9eb418c0-b9f1-11df-ac27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb418c0-b9f1-11df-ac27-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/06 09:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 13:41:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/10 13:39:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/10 13:36:57 | 004,334,705 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/12/10 13:36:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/10 13:31:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/12/08 14:29:47 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Users\User\AppData\Local\dbc.exe
[2011/12/07 21:41:16 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Users\User\AppData\Local\eei.exe
[2011/11/27 16:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/11 18:55:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Skyrim
[2011/11/11 15:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/11 15:56:56 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/11 15:56:56 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/11 15:56:23 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/11 15:56:19 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/11 15:56:11 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/11 15:55:53 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/11 15:55:52 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/11 15:51:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/11 15:51:07 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/11 15:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/11 15:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/10 19:31:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/10 18:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/11/10 18:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/11/10 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Anti-Malware
[2011/11/10 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\A9eNoQLB03dTIA3
[2011/11/10 18:03:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\lRLhTqUCe
[2011/11/10 18:03:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\zS1ibD3on4m6W7E
[2011/11/10 18:03:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ZfEL8gTZqYwUrOt
[2011/11/10 18:03:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dwkUVrlOBx0c1v3
[2011/11/10 18:03:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GekIBrzONx0v2b3
[2011/11/10 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ozPNyxvS2b3
..................cut a bunch of the same general thing to make it smaller
[2011/11/10 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TEL8gqhXwUeBPy1
[2011/11/10 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\j3onFamH5JdLRqw
[2011/11/10 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\a8gqhXwkUeBPy1D
[2011/11/10 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qD3onFamHsJdLZh
[2011/11/10 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qD3onFamHsJdLRq
[2011/11/10 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\qD3onFamHsJdLgq
[2011/11/10 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\j3onFamH5JdLZhX
[2011/11/10 15:25:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\A0ucS1ibDoGHsJf
[2 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 13:41:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 13:37:23 | 004,334,705 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/12/10 13:36:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/10 13:31:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/12/10 11:43:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 11:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 11:18:21 | 001,394,377 | ---- | M] () -- C:\Users\User\Documents\BILLS-112s1867pcs.pdf
[2011/12/09 09:49:02 | 003,075,545 | ---- | M] () -- C:\Users\User\Documents\MR_III_2011_HalfYear_NatCat_Review.pdf
[2011/12/09 09:37:16 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 09:37:16 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 09:34:40 | 000,747,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/09 09:34:40 | 000,639,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/09 09:34:40 | 000,111,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/09 09:27:48 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 19:28:30 | 000,119,602 | ---- | M] () -- C:\Users\User\Documents\kbr-doc.pdf
[2011/12/07 11:01:41 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/06 22:47:55 | 000,007,598 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/12/06 17:00:12 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/12/06 15:11:08 | 000,019,857 | ---- | M] () -- C:\Users\User\Documents\rateconstants.pdf
[2011/12/06 14:21:48 | 000,288,717 | ---- | M] () -- C:\Users\User\Documents\SN1Kinetics2011.pdf
[2011/12/03 15:56:51 | 000,032,699 | ---- | M] () -- C:\Users\User\Documents\Exam4_Material.pdf
[2011/12/03 15:56:44 | 000,289,196 | ---- | M] () -- C:\Users\User\Documents\IRproblemSetKEY.pdf
[2011/12/03 15:56:38 | 000,340,123 | ---- | M] () -- C:\Users\User\Documents\IRproblemSet.pdf
[2011/12/03 12:52:45 | 000,303,964 | ---- | M] () -- C:\Users\User\Documents\ProblemSet4-2011.pdf
[2011/12/03 12:52:34 | 000,452,831 | ---- | M] () -- C:\Users\User\Documents\KEY-ProblemSet4-2011.pdf
[2011/12/03 12:51:56 | 000,170,179 | ---- | M] () -- C:\Users\User\Documents\KEY-Exam4Fall2010.pdf
[2011/12/03 12:51:43 | 001,753,940 | ---- | M] () -- C:\Users\User\Documents\Exam_4_2010.pdf
[2011/12/03 12:51:11 | 000,397,833 | ---- | M] () -- C:\Users\User\Documents\Sn1_LabLecture.pdf
[2011/12/03 12:50:49 | 000,262,853 | ---- | M] () -- C:\Users\User\Documents\12-LastLecture_11am.pdf
[2011/12/03 12:50:26 | 000,660,727 | ---- | M] () -- C:\Users\User\Documents\11-30_Elimination_11am.pdf
[2011/12/03 12:50:17 | 000,939,651 | ---- | M] () -- C:\Users\User\Documents\11-28SubstitutionSolvent_Nucleophiles_11am.pdf
[2011/12/03 12:50:06 | 000,843,877 | ---- | M] () -- C:\Users\User\Documents\11-21_SN2_11am.pdf
[2011/12/03 12:49:53 | 001,070,606 | ---- | M] () -- C:\Users\User\Documents\11-18StartChapter12_11am.pdf
[2011/12/03 12:49:36 | 000,650,472 | ---- | M] () -- C:\Users\User\Documents\11-16FinishChapter8_11am.pdf
[2011/12/03 12:49:12 | 000,854,529 | ---- | M] () -- C:\Users\User\Documents\11-14OxidativeAlkeneCleavage_11am.pdf
[2011/12/03 12:49:00 | 000,539,935 | ---- | M] () -- C:\Users\User\Documents\11-11Oxidation_11am.pdf
[2011/12/01 15:56:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/23 16:50:43 | 000,001,713 | ---- | M] () -- C:\Users\User\Desktop\TESV - Shortcut.lnk
[2011/11/21 19:31:39 | 000,512,422 | ---- | M] () -- C:\Users\User\Documents\jcsm.7.1.57.pdf
[2011/11/21 19:30:49 | 000,070,250 | ---- | M] () -- C:\Users\User\Documents\nihms-279100.pdf
[2011/11/21 19:24:08 | 001,136,903 | ---- | M] () -- C:\Users\User\Documents\407.pdf
[2011/11/21 19:22:27 | 000,162,565 | ---- | M] () -- C:\Users\User\Documents\653.pdf
[2011/11/21 19:22:08 | 000,075,458 | ---- | M] () -- C:\Users\User\Documents\18.pdf
[2011/11/21 17:39:27 | 000,002,281 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/11/21 17:39:27 | 000,001,653 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/11/21 17:39:27 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2011/11/21 17:16:09 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/20 15:34:44 | 026,821,038 | ---- | M] () -- C:\Users\User\Desktop\ystery City Caught On Stunning Time-Lapse Video From Space Revealed To Be Mas.mp4
[2011/11/18 09:30:44 | 001,908,009 | ---- | M] () -- C:\Users\User\Documents\Epicatechin enhances fatigue resistance and oxidative.ppsx
[2011/11/10 19:31:21 | 000,000,683 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 18:33:41 | 000,001,121 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/11/10 18:33:41 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/11/10 17:28:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 15:23:26 | 004,988,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 11:18:21 | 001,394,377 | ---- | C] () -- C:\Users\User\Documents\BILLS-112s1867pcs.pdf
[2011/12/09 09:49:02 | 003,075,545 | ---- | C] () -- C:\Users\User\Documents\MR_III_2011_HalfYear_NatCat_Review.pdf
[2011/12/07 19:28:30 | 000,119,602 | ---- | C] () -- C:\Users\User\Documents\kbr-doc.pdf
[2011/12/06 15:11:08 | 000,019,857 | ---- | C] () -- C:\Users\User\Documents\rateconstants.pdf
[2011/12/03 15:56:51 | 000,032,699 | ---- | C] () -- C:\Users\User\Documents\Exam4_Material.pdf
[2011/12/03 15:56:44 | 000,289,196 | ---- | C] () -- C:\Users\User\Documents\IRproblemSetKEY.pdf
[2011/12/03 15:56:38 | 000,340,123 | ---- | C] () -- C:\Users\User\Documents\IRproblemSet.pdf
[2011/12/03 12:52:45 | 000,303,964 | ---- | C] () -- C:\Users\User\Documents\ProblemSet4-2011.pdf
[2011/12/03 12:52:34 | 000,452,831 | ---- | C] () -- C:\Users\User\Documents\KEY-ProblemSet4-2011.pdf
[2011/12/03 12:51:56 | 000,170,179 | ---- | C] () -- C:\Users\User\Documents\KEY-Exam4Fall2010.pdf
[2011/12/03 12:51:43 | 001,753,940 | ---- | C] () -- C:\Users\User\Documents\Exam_4_2010.pdf
[2011/12/03 12:51:11 | 000,397,833 | ---- | C] () -- C:\Users\User\Documents\Sn1_LabLecture.pdf
[2011/12/03 12:50:49 | 000,262,853 | ---- | C] () -- C:\Users\User\Documents\12-LastLecture_11am.pdf
[2011/12/03 12:50:26 | 000,660,727 | ---- | C] () -- C:\Users\User\Documents\11-30_Elimination_11am.pdf
[2011/12/03 12:50:17 | 000,939,651 | ---- | C] () -- C:\Users\User\Documents\11-28SubstitutionSolvent_Nucleophiles_11am.pdf
[2011/12/03 12:50:06 | 000,843,877 | ---- | C] () -- C:\Users\User\Documents\11-21_SN2_11am.pdf
[2011/12/03 12:49:53 | 001,070,606 | ---- | C] () -- C:\Users\User\Documents\11-18StartChapter12_11am.pdf
[2011/12/03 12:49:36 | 000,650,472 | ---- | C] () -- C:\Users\User\Documents\11-16FinishChapter8_11am.pdf
[2011/12/03 12:49:12 | 000,854,529 | ---- | C] () -- C:\Users\User\Documents\11-14OxidativeAlkeneCleavage_11am.pdf
[2011/12/03 12:49:00 | 000,539,935 | ---- | C] () -- C:\Users\User\Documents\11-11Oxidation_11am.pdf
[2011/11/29 12:06:00 | 000,288,717 | ---- | C] () -- C:\Users\User\Documents\SN1Kinetics2011.pdf
[2011/11/23 16:50:43 | 000,001,713 | ---- | C] () -- C:\Users\User\Desktop\TESV - Shortcut.lnk
[2011/11/21 19:31:38 | 000,512,422 | ---- | C] () -- C:\Users\User\Documents\jcsm.7.1.57.pdf
[2011/11/21 19:30:49 | 000,070,250 | ---- | C] () -- C:\Users\User\Documents\nihms-279100.pdf
[2011/11/21 19:24:07 | 001,136,903 | ---- | C] () -- C:\Users\User\Documents\407.pdf
[2011/11/21 19:22:27 | 000,162,565 | ---- | C] () -- C:\Users\User\Documents\653.pdf
[2011/11/21 19:22:07 | 000,075,458 | ---- | C] () -- C:\Users\User\Documents\18.pdf
[2011/11/20 15:34:43 | 026,821,038 | ---- | C] () -- C:\Users\User\Desktop\ystery City Caught On Stunning Time-Lapse Video From Space Revealed To Be Mas.mp4
[2011/11/18 09:30:44 | 001,908,009 | ---- | C] () -- C:\Users\User\Documents\Epicatechin enhances fatigue resistance and oxidative.ppsx
[2011/11/11 15:57:00 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/11 15:55:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/11 11:55:54 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2011/11/11 11:55:54 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/11 11:55:54 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/11/11 11:55:54 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/11/11 11:55:54 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/11/11 11:55:54 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/11/11 11:55:54 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/11 11:55:54 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Fort Zombie.lnk
[2011/11/11 11:55:54 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/11/11 11:55:54 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/11/11 11:55:54 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/11 11:55:54 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/11 11:55:54 | 000,001,267 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2011/11/11 11:55:54 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/11/11 11:55:54 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/11/11 11:55:54 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/11 11:55:54 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 11:55:54 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/11/11 11:55:54 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/11 11:55:54 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/11/11 11:55:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/11 11:55:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/11 11:55:45 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/11/11 11:55:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/11 11:55:45 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/11 11:55:45 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/11 11:55:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/11 11:55:44 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/11/11 11:55:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/11 11:55:44 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/11 11:55:44 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011/11/11 11:55:44 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/11/11 11:55:44 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/11/11 11:55:44 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/11/11 11:55:44 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/11 11:55:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/11 11:55:44 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/11 11:55:44 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/11/11 11:55:44 | 000,001,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/11/11 11:55:44 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/11/11 11:55:44 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/11 11:55:44 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/11 11:55:44 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/11/10 19:31:21 | 000,000,683 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 18:33:41 | 000,001,121 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/10/12 17:49:22 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{058E71F9-096C-4F24-86D8-07CBF60D2085}
[2011/09/20 17:49:58 | 000,000,395 | ---- | C] () -- C:\Windows\Sniffy.ini
[2011/09/05 20:33:58 | 000,007,598 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/05/11 16:44:42 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{2FD53952-2E4E-4235-AA61-1F91CD0FB239}
[2011/04/24 18:25:04 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/09 22:21:45 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/06 18:31:53 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/06 18:31:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/06 18:31:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/11/03 18:02:24 | 000,196,828 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/03 03:17:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/02 08:12:08 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/10/02 08:02:03 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/10/01 05:34:00 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/06 14:36:30 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/06 14:36:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/06 14:36:30 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/09/06 14:36:30 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/09/06 14:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/09 01:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2010/02/09 01:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/28 23:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll



#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, ETFoster! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for ETFoster only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


In the future, do not run ComboFix on your own without the supervision of one of our staff members. If you do so, it may lead to problems with the normal functionality of your computer.

I see you have run ComboFix. First, could you post the log created by it in your next reply. It should be located at C:\ComboFix.txt.

#3
ETFoster

    Member

  • Topic Starter
  • Member
  • 24 posts
Sorry, I downloaded ComboFix to be prepared, but I didn't run the scanner until you posted. Here you go.


ComboFix 11-12-10.01 - User 12/10/2011 16:51:13.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.3961 [GMT -6:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\User\Documents\~WRL0005.tmp
c:\users\User\Documents\~WRL2702.tmp
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 23:01 . 2011-12-10 23:01 7680 ----a-w- c:\windows\113652469.exe
2011-12-10 23:00 . 2011-12-10 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 13:36 . 2011-12-09 15:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B180943-5502-47AE-BA84-B5E79085E9EC}\offreg.dll
2011-12-09 13:35 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B180943-5502-47AE-BA84-B5E79085E9EC}\mpengine.dll
2011-11-30 15:18 . 2011-11-30 15:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-12 00:55 . 2011-11-12 00:55 -------- d-----w- c:\users\User\AppData\Local\Skyrim
2011-11-11 21:56 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-11 21:56 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-11 21:56 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-11 21:56 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-11 21:56 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-11 21:55 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-11 21:55 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-11 21:53 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 21:51 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-11 21:51 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-11 21:50 . 2011-11-15 02:36 -------- d-----w- c:\programdata\AVAST Software
2011-11-11 21:50 . 2011-11-15 02:36 -------- d-----w- c:\program files\AVAST Software
2011-11-11 00:33 . 2011-12-10 23:04 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2011-11-11 00:10 . 2011-11-11 00:10 -------- d-----w- c:\users\User\AppData\Roaming\A9eNoQLB03dTIA3
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\dwkUVrlOBx0c1v3
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\GekIBrzONx0v2b3
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\HwkUVelOBz0
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\BRZqhYXwkVlBz0c
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\cVrONtx0uSiDoGa
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\DYCwkUVrlBx
2011-11-11 00:03 . 2011-11-11 00:03 -------- d-----w- c:\users\User\AppData\Roaming\BVzONtxA0c2b3na
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\aRgqCkrNxu
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\GjUelIBtzcuDo
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\jBttPyS1vD
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\iWdEL8RZqXUltPy
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\IcS2bpaQH9TqCIr
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\b7ELgZhXwUBz0c1
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\IcS2iD3pnaHsKE9
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\IAcS2D3pnQ9TqYw
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\IA0ucS2iDp4Q6W7
2011-11-11 00:01 . 2011-11-11 00:01 -------- d-----w- c:\users\User\AppData\Roaming\cO7yLcKSR
2011-11-11 00:00 . 2011-11-11 00:00 -------- d-----w- c:\users\User\AppData\Roaming\BxFKCt1ivuyCEsi
2011-11-11 00:00 . 2011-11-11 00:00 -------- d-----w- c:\users\User\AppData\Roaming\JeVOxu2Dna6WEgq
2011-11-10 23:59 . 2011-11-10 23:59 -------- d-----w- c:\users\User\AppData\Roaming\hSobaQd8LTjCIzy
2011-11-10 23:59 . 2011-11-10 23:59 -------- d-----w- c:\users\User\AppData\Roaming\EjUelsQJ6E89XUl
2011-11-10 23:57 . 2011-11-10 23:57 -------- d-----w- c:\users\User\AppData\Roaming\cb3GQsKf9ZYkrNP
2011-11-10 23:57 . 2011-11-10 23:57 -------- d-----w- c:\users\User\AppData\Roaming\c3GQsKf9ZYkrNPc
2011-11-10 23:57 . 2011-11-10 23:57 -------- d-----w- c:\users\User\AppData\Roaming\jAvi3GQd7LTjeVO
2011-11-10 23:57 . 2011-11-10 23:57 -------- d-----w- c:\users\User\AppData\Roaming\A0Svo4HWd8ZYkeB
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\fF4amH5sW7E8R
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\BnF4amH5sJdLg
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\jqhYCwkUVlBx0
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\jjYekIVrzNx0c2b
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\jjYCekIVrOtAu2b
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\CCekIVrzOtAciDp
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\AXqjYCekIrOtAu2
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\dekIVrzON
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\CcF7hI1FsE9
2011-11-10 23:50 . 2011-11-10 23:50 -------- d-----w- c:\users\User\AppData\Roaming\BqzcnWTV03HEq
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\J8Tez0b5W9qItS3
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\aBumEXrumWXrvGK
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\K4sKhVz1b5E9Urx
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\bpJgXez1F5E9UrA
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\gqhYCwkUVlBx0c1
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\Gc2pJgXez1
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\gqhCwkUVrOtPySi
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\HrzzPxA1uSo
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\HrzzPNxA1vS
2011-11-10 23:49 . 2011-11-10 23:49 -------- d-----w- c:\users\User\AppData\Roaming\EpmGG5sQ6d
2011-11-10 23:48 . 2011-11-10 23:48 -------- d-----w- c:\users\User\AppData\Roaming\EbFvNwfvhiQgXUl
2011-11-10 23:48 . 2011-11-10 23:48 -------- d-----w- c:\users\User\AppData\Roaming\cQfwzuaRkPoQZUr
2011-11-10 23:43 . 2011-11-10 23:43 -------- d-----w- c:\users\User\AppData\Roaming\hrbWwyaZtnEU15h
2011-11-10 23:42 . 2011-11-10 23:42 -------- d-----w- c:\users\User\AppData\Roaming\Amm5Q6KfZhXjClB
2011-11-10 23:41 . 2011-11-10 23:41 -------- d-----w- c:\users\User\AppData\Roaming\euGReAp8Uy3
2011-11-10 23:41 . 2011-11-10 23:41 -------- d-----w- c:\users\User\AppData\Roaming\iooFa5W7E8RqYwU
2011-11-10 23:39 . 2011-11-10 23:39 -------- d-----w- c:\users\User\AppData\Roaming\fv3FaHs7E8RqY
2011-11-10 23:38 . 2011-11-10 23:38 -------- d-----w- c:\users\User\AppData\Roaming\GppmG5aJdK
2011-11-10 23:36 . 2011-11-10 23:36 -------- d-----w- c:\users\User\AppData\Roaming\a69kxbQLCN1afhl
2011-11-10 23:35 . 2011-11-10 23:35 -------- d-----w- c:\users\User\AppData\Roaming\GEELgqYwIrOtPuS
2011-11-10 23:34 . 2011-11-10 23:34 -------- d-----w- c:\users\User\AppData\Roaming\feeIVrrzOt0ucb3
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\bnnnF4mH5sJ7E8R
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\jQJJ6E8R9T
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\A555sQQJ6
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\brzzOONyxAv2b3n
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\bv2ooFm5Q6W
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\b11v2oFpGQ6
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\jrzzOONtx0
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\HBBz0c1DonFm5Q7
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\I1v2oFpHs
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\IA11iDD2n4pm5sJ
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\ilBx0c1v3n4m5W7
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\Jbbb3pnGaH6sK7E
2011-11-10 23:33 . 2011-11-10 23:33 -------- d-----w- c:\users\User\AppData\Roaming\cffELgqYYkIl
2011-11-10 23:31 . 2011-11-10 23:31 -------- d-----w- c:\users\User\AppData\Roaming\FbbF4mGGQJE8ZTw
2011-11-10 23:30 . 2011-11-10 23:30 -------- d-----w- c:\users\User\AppData\Roaming\Gnn4m5Q7E8ZhXjV
2011-11-10 23:29 . 2011-11-10 23:29 -------- d-----w- c:\users\User\AppData\Roaming\ha6W8R9TqUeIrOy
2011-11-10 23:28 . 2011-11-10 23:28 -------- d-----w- c:\users\User\AppData\Roaming\g11vv22bF4m
2011-11-10 23:27 . 2011-11-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\aRhXUeIrPyAuSoF
2011-11-10 23:26 . 2011-11-10 23:26 -------- d-----w- c:\users\User\AppData\Roaming\CeeItPyAuDb4m5Q
2011-11-10 23:25 . 2011-11-10 23:25 -------- d-----w- c:\users\User\AppData\Roaming\IddK8R9Tw
2011-11-10 23:24 . 2011-11-10 23:24 -------- d-----w- c:\users\User\AppData\Roaming\BgZhCkrOtP
2011-11-10 23:23 . 2011-11-10 23:23 -------- d-----w- c:\users\User\AppData\Roaming\C0ucS22b3n4H6W7
2011-11-10 23:22 . 2011-11-10 23:22 -------- d-----w- c:\users\User\AppData\Roaming\flllOOBtxPyc1iD
2011-11-10 23:21 . 2011-11-10 23:21 -------- d-----w- c:\users\User\AppData\Roaming\j55Q6W8R9TqUeIr
2011-11-10 23:20 . 2011-11-10 23:20 -------- d-----w- c:\users\User\AppData\Roaming\gBx0c1v3n4m5W7E
2011-11-10 23:19 . 2011-11-10 23:19 -------- d-----w- c:\users\User\AppData\Roaming\gNyycA1uvD2bFp
2011-11-10 23:18 . 2011-11-10 23:18 -------- d-----w- c:\users\User\AppData\Roaming\ffEEL99TqYwVlNx
2011-11-10 23:17 . 2011-11-10 23:17 -------- d-----w- c:\users\User\AppData\Roaming\dIIIzONtAu2b3n4
2011-11-10 23:16 . 2011-11-10 23:16 -------- d-----w- c:\users\User\AppData\Roaming\izPyAuDoFpGsJdK
2011-11-10 23:15 . 2011-11-10 23:15 -------- d-----w- c:\users\User\AppData\Roaming\HKK8fRhXjCkIrN
2011-11-10 23:14 . 2011-11-10 23:14 -------- d-----w- c:\users\User\AppData\Roaming\cqCkVzNx0c2b
2011-11-10 23:13 . 2011-11-10 23:13 -------- d-----w- c:\users\User\AppData\Roaming\iKK77fRL9gXYeVz
2011-11-10 23:12 . 2011-11-10 23:12 -------- d-----w- c:\users\User\AppData\Roaming\IeeelOBBzP0yA1v
2011-11-10 23:11 . 2011-11-10 23:11 -------- d-----w- c:\users\User\AppData\Roaming\G6W7E9TqYwVlNx0
2011-11-10 23:10 . 2011-11-10 23:10 -------- d-----w- c:\users\User\AppData\Roaming\ikkrzOONyxu2b3n
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\gonFamH5sJd8ZYk
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\ECekIVrzOtAci
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\GUVelItzNc
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\GSiD3Qs7LTjwVOx
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\Gc2i3pnaHWf9ZYk
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\h7dEK8g9XjVltNc
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\AzPNyc1voFms
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\jycS1ivD34m5W7E
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\hmH5sWJ7dLgZhXk
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\BkUVeOBtx0c1v3F
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\BkUVeOBtx0c1v34
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\aYXwkUVelB
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\User\AppData\Roaming\CQH6sWK7EgZjCkV
2011-11-10 23:08 . 2011-11-10 23:08 -------- d-----w- c:\users\User\AppData\Roaming\jYXwjUVetPyAuo4
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 23:00 . 2011-03-06 05:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-29 16:29 . 2011-11-09 13:40 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 13:40 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-28 02:10 . 2011-09-28 02:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-28 02:10 . 2011-09-28 02:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-28 02:10 . 2011-09-28 02:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-28 02:10 . 2011-09-28 02:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-28 02:10 . 2011-09-28 02:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-28 02:10 . 2011-09-28 02:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-28 02:10 . 2011-09-28 02:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-28 02:10 . 2011-09-28 02:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-28 02:10 . 2011-09-28 02:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-28 02:10 . 2011-09-28 02:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-28 02:10 . 2011-09-28 02:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-28 02:10 . 2011-09-28 02:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-28 02:10 . 2011-09-28 02:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-28 02:10 . 2011-09-28 02:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-28 02:10 . 2011-09-28 02:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-28 02:10 . 2011-09-28 02:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-28 02:10 . 2011-09-28 02:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-28 02:10 . 2011-09-28 02:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-28 02:10 . 2011-09-28 02:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-28 02:10 . 2011-09-28 02:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-28 02:10 . 2011-09-28 02:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-28 02:10 . 2011-09-28 02:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-28 02:10 . 2011-09-28 02:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-28 02:10 . 2011-09-28 02:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-28 02:10 . 2011-09-28 02:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-28 02:10 . 2011-09-28 02:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-28 02:10 . 2011-09-28 02:10 448512 ----a-w- c:\windows\system32\html.iec
2011-09-28 02:10 . 2011-09-28 02:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-28 02:10 . 2011-09-28 02:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-28 02:10 . 2011-09-28 02:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-28 02:10 . 2011-09-28 02:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-28 02:10 . 2011-09-28 02:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-28 02:10 . 2011-09-28 02:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-28 02:10 . 2011-09-28 02:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-28 02:10 . 2011-09-28 02:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-28 02:10 . 2011-09-28 02:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-28 02:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-28 02:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-22 04:13 . 2010-11-07 00:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-22 04:13 . 2010-11-07 00:31 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2011-12-07 3318672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-4-23 12862]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2010-04-26 16:37 1597440 ----a-w- c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-06 79360]
R3 GPU-Z;GPU-Z;c:\users\User\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-08 19952]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-09 2996272]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-10-01 3066528]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 16:04]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF12582.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mercury.hend...endrix.edu/OWA/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.14.1.1 10.14.1.2
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\
FF - prefs.js: browser.startup.homepage - hxxps://mercury.hendrix.edu/owa/auth/logon.aspx?replaceCurrent=1&reason=2&url=https%3a%2f%2fmercury.hendrix.edu%2fOWA%2f
FF - prefs.js: network.proxy.ftp - 207.36.231.28
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 207.36.231.28
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 207.36.231.28
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 207.36.231.28
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-77372372.sys
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d8,c9,03,c8,f0,7e,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Completion time: 2011-12-10 17:11:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 23:11
.
Pre-Run: 231,758,655,488 bytes free
Post-Run: 231,465,046,016 bytes free
.
- - End Of File - - CA02A3ECC5295D619092B5EF0F739773
  • 0

#4
ETFoster

    Member

  • Topic Starter
  • Member
  • 24 posts
The 80000032.$ Avast message has stopped so far, but I got another conserv.dll alert. I also have the virus that makes you get the "Open with" dialogue box if you click on something without running as administrator. I think I should mention I'll be going home for the break, away from the internet for possibly a while. I don't know what's up with more and different viruses getting me. Usually I can fix it on my own, but not when it messes with the registry and Windows files.
  • 0

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Whilst I am reviewing your logs, please could you perform the following steps:


Step 1

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image

Step 2

  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach it to your reply.


Things I want to see in your next reply

  • aswMBR.txt
  • A screenshot of the Disk Management Window

  • 0

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
In the future don't cut out any parts of logs because it means I could possibly not identify malware on your computer. The folders with random names are actually malware and part of the problem. Also, please refrain from attaching logs unless specifically asked to do so.


Step 1

:alarm:
Your computer has been infected by a backdoor Trojan. This could allow hackers to remotely control your computer and steal critical system information, including passwords, credit card numbers, addresses, phone numbers, and other information stored on your computer. Before we can start, I recommend that you:

  • Use another, clean computer to change all your internet passwords, especially your financial passwords like your bank's, PayPal, eBay. Also change the passwords for any other sites that you use.
  • Call your financial companies and tell them that your account may have been stolen and ask what you can do.
  • Closely monitor all bank and credit card statements. If you do think that you are a victim of identity theft you can go to Defend: Recover From Identity Theft to learn more.

Step 2

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection.

Keep the paid version of Webroot only if the subscription is up-to-date. If it isn't, uninstall it and keep one of the other free antivirus programs.

Uninstall Avast! Antivirus, Emsisoft Anti-Malware or Webroot AntiVirus with Spy Sweeper via:

  • Control Panel
  • Add/Remove Programs

Step 3

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • FlashGet 1.9.6.1073
  • FrostWire 4.21.3
  • LimeWire 5.5.16
  • PageRage 1.10.01
  • Vuze
  • Vuze Remote Toolbar

I recommend you remove your P2P programs, FrostWire, LimeWire and PageRage. They are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been, someone could have infected the files with malware.


Step 4

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).


Step 5

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File:: 
C:\Users\User\AppData\Local\dbc.exe
C:\Users\User\AppData\Local\eei.exe
c:\windows\113652469.exe
C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
C:\Users\Public\Desktop\Vuze.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
 
Folder:: 
c:\users\User\AppData\Roaming\A9eNoQLB03dTIA3
c:\users\User\AppData\Roaming\dwkUVrlOBx0c1v3
c:\users\User\AppData\Roaming\GekIBrzONx0v2b3
c:\users\User\AppData\Roaming\HwkUVelOBz0
c:\users\User\AppData\Roaming\BRZqhYXwkVlBz0c
c:\users\User\AppData\Roaming\cVrONtx0uSiDoGa
c:\users\User\AppData\Roaming\DYCwkUVrlBx
c:\users\User\AppData\Roaming\BVzONtxA0c2b3na
c:\users\User\AppData\Roaming\aRgqCkrNxu
c:\users\User\AppData\Roaming\GjUelIBtzcuDo
c:\users\User\AppData\Roaming\jBttPyS1vD
c:\users\User\AppData\Roaming\iWdEL8RZqXUltPy
c:\users\User\AppData\Roaming\IcS2bpaQH9TqCIr
c:\users\User\AppData\Roaming\b7ELgZhXwUBz0c1
c:\users\User\AppData\Roaming\IcS2iD3pnaHsKE9
c:\users\User\AppData\Roaming\IAcS2D3pnQ9TqYw
c:\users\User\AppData\Roaming\IA0ucS2iDp4Q6W7
c:\users\User\AppData\Roaming\cO7yLcKSR
c:\users\User\AppData\Roaming\BxFKCt1ivuyCEsi
c:\users\User\AppData\Roaming\JeVOxu2Dna6WEgq
c:\users\User\AppData\Roaming\hSobaQd8LTjCIzy
c:\users\User\AppData\Roaming\EjUelsQJ6E89XUl
c:\users\User\AppData\Roaming\cb3GQsKf9ZYkrNP
c:\users\User\AppData\Roaming\c3GQsKf9ZYkrNPc
c:\users\User\AppData\Roaming\jAvi3GQd7LTjeVO
c:\users\User\AppData\Roaming\A0Svo4HWd8ZYkeB
c:\users\User\AppData\Roaming\fF4amH5sW7E8R
c:\users\User\AppData\Roaming\BnF4amH5sJdLg
c:\users\User\AppData\Roaming\jqhYCwkUVlBx0
c:\users\User\AppData\Roaming\jjYekIVrzNx0c2b
c:\users\User\AppData\Roaming\jjYCekIVrOtAu2b
c:\users\User\AppData\Roaming\CCekIVrzOtAciDp
c:\users\User\AppData\Roaming\AXqjYCekIrOtAu2
c:\users\User\AppData\Roaming\dekIVrzON
c:\users\User\AppData\Roaming\CcF7hI1FsE9
c:\users\User\AppData\Roaming\BqzcnWTV03Heq
c:\users\User\AppData\Roaming\J8Tez0b5W9qItS3
c:\users\User\AppData\Roaming\aBumEXrumWXrvGK
c:\users\User\AppData\Roaming\K4sKhVz1b5E9Urx
c:\users\User\AppData\Roaming\bpJgXez1F5E9UrA
c:\users\User\AppData\Roaming\gqhYCwkUVlBx0c1
c:\users\User\AppData\Roaming\Gc2pJgXez1
c:\users\User\AppData\Roaming\gqhCwkUVrOtPySi
c:\users\User\AppData\Roaming\HrzzPxA1uSo
c:\users\User\AppData\Roaming\HrzzPNxA1vS
c:\users\User\AppData\Roaming\EpmGG5sQ6d
c:\users\User\AppData\Roaming\EbFvNwfvhiQgXUl
c:\users\User\AppData\Roaming\cQfwzuaRkPoQZUr
c:\users\User\AppData\Roaming\hrbWwyaZtnEU15h
c:\users\User\AppData\Roaming\Amm5Q6KfZhXjClB
c:\users\User\AppData\Roaming\euGReAp8Uy3
c:\users\User\AppData\Roaming\iooFa5W7E8RqYwU
c:\users\User\AppData\Roaming\fv3FaHs7E8RqY
c:\users\User\AppData\Roaming\GppmG5aJdK
c:\users\User\AppData\Roaming\a69kxbQLCN1afhl
c:\users\User\AppData\Roaming\GEELgqYwIrOtPuS
c:\users\User\AppData\Roaming\feeIVrrzOt0ucb3
c:\users\User\AppData\Roaming\bnnnF4mH5sJ7E8R
c:\users\User\AppData\Roaming\jQJJ6E8R9T
c:\users\User\AppData\Roaming\A555sQQJ6
c:\users\User\AppData\Roaming\brzzOONyxAv2b3n
c:\users\User\AppData\Roaming\bv2ooFm5Q6W
c:\users\User\AppData\Roaming\b11v2oFpGQ6
c:\users\User\AppData\Roaming\jrzzOONtx0
c:\users\User\AppData\Roaming\HBBz0c1DonFm5Q7
c:\users\User\AppData\Roaming\I1v2oFpHs
c:\users\User\AppData\Roaming\IA11iDD2n4pm5sJ
c:\users\User\AppData\Roaming\ilBx0c1v3n4m5W7
c:\users\User\AppData\Roaming\Jbbb3pnGaH6sK7E
c:\users\User\AppData\Roaming\cffELgqYYkIl
c:\users\User\AppData\Roaming\FbbF4mGGQJE8ZTw
c:\users\User\AppData\Roaming\Gnn4m5Q7E8ZhXjV
c:\users\User\AppData\Roaming\ha6W8R9TqUeIrOy
c:\users\User\AppData\Roaming\g11vv22bF4m
c:\users\User\AppData\Roaming\aRhXUeIrPyAuSoF
c:\users\User\AppData\Roaming\CeeItPyAuDb4m5Q
c:\users\User\AppData\Roaming\IddK8R9Tw
c:\users\User\AppData\Roaming\BgZhCkrOtP
c:\users\User\AppData\Roaming\C0ucS22b3n4H6W7
c:\users\User\AppData\Roaming\flllOOBtxPyc1iD
c:\users\User\AppData\Roaming\j55Q6W8R9TqUeIr
c:\users\User\AppData\Roaming\gBx0c1v3n4m5W7E
c:\users\User\AppData\Roaming\gNyycA1uvD2bFp
c:\users\User\AppData\Roaming\ffEEL99TqYwVlNx
c:\users\User\AppData\Roaming\dIIIzONtAu2b3n4
c:\users\User\AppData\Roaming\izPyAuDoFpGsJdK
c:\users\User\AppData\Roaming\HKK8fRhXjCkIrN
c:\users\User\AppData\Roaming\cqCkVzNx0c2b
c:\users\User\AppData\Roaming\iKK77fRL9gXYeVz
c:\users\User\AppData\Roaming\IeeelOBBzP0yA1v
c:\users\User\AppData\Roaming\G6W7E9TqYwVlNx0
c:\users\User\AppData\Roaming\ikkrzOONyxu2b3n
c:\users\User\AppData\Roaming\gonFamH5sJd8ZYk
c:\users\User\AppData\Roaming\ECekIVrzOtAci
c:\users\User\AppData\Roaming\GUVelItzNc
c:\users\User\AppData\Roaming\GSiD3Qs7LTjwVOx
c:\users\User\AppData\Roaming\Gc2i3pnaHWf9ZYk
c:\users\User\AppData\Roaming\h7dEK8g9XjVltNc
c:\users\User\AppData\Roaming\AzPNyc1voFms
c:\users\User\AppData\Roaming\jycS1ivD34m5W7E
c:\users\User\AppData\Roaming\hmH5sWJ7dLgZhXk
c:\users\User\AppData\Roaming\BkUVeOBtx0c1v3F
c:\users\User\AppData\Roaming\BkUVeOBtx0c1v34
c:\users\User\AppData\Roaming\aYXwkUVelB
c:\users\User\AppData\Roaming\CQH6sWK7EgZjCkV
c:\users\User\AppData\Roaming\jYXwjUVetPyAuo4
C:\Users\User\AppData\Roaming\lRLhTqUCe
C:\Users\User\AppData\Roaming\zS1ibD3on4m6W7E
C:\Users\User\AppData\Roaming\ZfEL8gTZqYwUrOt
C:\Users\User\AppData\Roaming\ozPNyxvS2b3
C:\Users\User\AppData\Roaming\TEL8gqhXwUeBPy1
C:\Users\User\AppData\Roaming\j3onFamH5JdLRqw
C:\Users\User\AppData\Roaming\a8gqhXwkUeBPy1D
C:\Users\User\AppData\Roaming\qD3onFamHsJdLZh
C:\Users\User\AppData\Roaming\qD3onFamHsJdLRq
C:\Users\User\AppData\Roaming\qD3onFamHsJdLgq
C:\Users\User\AppData\Roaming\j3onFamH5JdLZhX
C:\Users\User\AppData\Roaming\A0ucS1ibDoGHsJf
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore 

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 6

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.

    Posted Image

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.

    Posted Image

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

  • exehelperlog.txt
  • ComboFix.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt

  • 0
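A lint pass over a CFScript of the kind given in post #6, added here as an example; it is not ComboFix code and not the helper's script. It assumes only the four section types used above (File::, Folder::, RegLock::, Registry::) and .reg-style bodies ([KEY], [-KEY] to delete a key, "name"=- to delete a value), and reports entries that would quietly do nothing or fail, such as a GUID with a stray space inside the braces, a relative path, or an abbreviated hive name.

```python
"""Lint a ComboFix CFScript before dragging it onto ComboFix.exe.
Added example for this thread, not ComboFix code or the helper's script.
Assumption: only the four section types used in post #6 are recognised.
"""
import re
from dataclasses import dataclass, field

KNOWN_SECTIONS = {"File", "Folder", "RegLock", "Registry"}
# Full hive names only; abbreviations such as HKLM are reported.
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
KEY_LINE_RE = re.compile(r"^\[-?(.+)\]$")     # [KEY] or [-KEY]
VALUE_DEL_RE = re.compile(r'^"[^"]*"=-$')      # "name"=- deletes a value


@dataclass
class LintResult:
    sections: dict = field(default_factory=dict)  # section name -> entry count
    problems: list = field(default_factory=list)  # (line number, message)


def _check_braced_guids(text, line_no, problems):
    """A {...} token with a stray character (e.g. a space inside the braces)
    names a key that does not exist, so the entry would silently do nothing."""
    for token in re.findall(r"\{[^}]*\}", text):
        if not GUID_RE.match(token):
            problems.append((line_no, f"malformed GUID {token!r}"))


def lint_cfscript(script: str) -> LintResult:
    """Walk the script line by line, tracking the current section header."""
    result = LintResult()
    section = None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].strip()
            if section not in KNOWN_SECTIONS:
                result.problems.append((n, f"unknown section {section!r}"))
            result.sections.setdefault(section, 0)
            continue
        if section is None:
            result.problems.append((n, "entry appears before any section header"))
            continue
        result.sections[section] += 1
        if section not in KNOWN_SECTIONS:
            continue
        if section in ("File", "Folder"):
            if not DRIVE_PATH_RE.match(line):
                result.problems.append((n, f"not an absolute drive path: {line!r}"))
            continue
        key_match = KEY_LINE_RE.match(line)
        if key_match:
            key = key_match.group(1)
            hive = key.split("\\", 1)[0]
            if hive not in HIVES:
                result.problems.append((n, f"unrecognised hive {hive!r}"))
            _check_braced_guids(key, n, result.problems)
            continue
        if section == "Registry" and VALUE_DEL_RE.match(line):
            _check_braced_guids(line, n, result.problems)
            continue
        result.problems.append((n, f"line not understood in {section}:: section: {line!r}"))
    return result


# Constructed sample: a cut-down version of the post #6 script, with a space
# deliberately left inside the CLSID braces so the check has something to find.
SAMPLE_SCRIPT = r"""File::
C:\Users\User\AppData\Local\eei.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
"""

if __name__ == "__main__":
    report = lint_cfscript(SAMPLE_SCRIPT)
    print("entries per section:", report.sections)
    for line_no, message in report.problems:
        print(f"line {line_no}: {message}")
```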

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0