Windows 7 Anti virus and friends [Closed]

#1 ckb1985 (New Member, 2 posts)

Recently, while working away, I noticed the Windows 7 Antivirus 2012 nonsense had just hijacked my machine. I had done battle with this particular foe before and thought I was ready to take it down again. From several days ago on my thumb drive I already had the appropriate registry fix and process killer, so I could remove it with Malwarebytes. So I proceeded and removed several objects using MBAM, reinstalled MSE so I could get that re-enabled, and proceeded to scan and clean what it could find. I went three days without incident until yesterday, when I noticed Win 7 Antivirus was back. I ran the regfix and process killer and removed it again with MBAM so I could get OTL to run. I ran OTL and here is my log. Any help that can be provided would be amazing.

OTL logfile created on: 12/20/2011 09:59:51 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

7.74 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 84.44% Memory free
15.48 Gb Paging File | 14.11 Gb Available in Paging File | 91.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.74 Gb Total Space | 849.85 Gb Free Space | 92.40% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Drive F: | 1.95 Gb Total Space | 1.95 Gb Free Space | 99.97% Space Free | Partition Type: FAT
Drive J: | 1.96 Gb Total Space | 0.23 Gb Free Space | 11.68% Space Free | Partition Type: FAT

Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 09:54:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/12/09 12:06:12 | 010,979,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/09 12:06:12 | 002,983,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/09 11:45:46 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011/08/18 23:41:43 | 005,832,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2011/07/06 12:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/07/06 12:47:16 | 000,186,728 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe
PRC - [2011/07/06 12:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/06/06 11:55:32 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/31 22:17:30 | 000,253,952 | ---- | M] (KEDMI Scientific Computing) -- C:\Program Files (x86)\tinySpell\tinyspell.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/02/03 01:26:02 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:34:45 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e4c07ad13e6296b8d53db2ba87bccd3b\System.ServiceModel.ni.dll
MOD - [2011/10/12 02:29:17 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a512243ee9900e621fb8cd990a9c679d\System.Web.Services.ni.dll
MOD - [2011/10/12 02:28:57 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:28:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:28:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:28:37 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:28:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:28:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:28:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:28:20 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:28:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/18 23:41:43 | 000,083,800 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2011/07/06 12:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll
MOD - [2011/07/06 12:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL
MOD - [2011/07/06 12:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll
MOD - [2011/07/06 12:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/07/06 12:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/07/06 12:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/12 01:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2011/12/09 12:06:12 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/30 06:05:54 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/01/27 19:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011/01/27 19:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2011/01/07 10:30:17 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/30 00:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/12 01:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 00:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/01 07:54:22 | 000,097,280 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Svk2pl64.sys -- (Svk2pl)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 22:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/11/03 21:16:10 | 000,019,456 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2009/10/19 16:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 15:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "www.google.com"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "search.google.com"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 09:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 09:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 09:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 09:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 09:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 09:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/23 09:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/29 14:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/09/29 14:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/18 15:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r93ktmbf.default\extensions
[2011/03/23 13:25:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r93ktmbf.default\extensions\[email protected]
[2011/01/31 16:24:14 | 000,001,834 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r93ktmbf.default\searchplugins\bing.xml
[2011/12/20 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Click to call with Skype = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Poppit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590CC9C6-A8CD-48C8-B2B0-3FAA841179F6}: DhcpNameServer = 24.92.226.11 24.92.226.12
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/08/26 10:34:38 | 000,000,090 | ---- | M] () - J:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 15:12:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/19 14:54:20 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\Windows\SysWow64\8lE3O5NB.com_
[2011/12/19 14:53:03 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/19 14:52:53 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\AppData\Local\hxi.exe
[2011/12/19 10:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/19 09:26:53 | 000,000,000 | ---D | C] -- C:\Windows\TempDCD49746-353B-6FC3-1E05-EBBCC5E2A4D7-Signatures
[2011/12/19 09:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/18 12:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/16 17:08:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/16 16:50:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/16 16:50:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/16 16:50:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/16 16:50:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/16 16:49:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/16 16:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2011/12/16 15:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/12/16 15:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 15:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 15:34:38 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/16 15:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/08 10:06:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Att3000build137
[2011/12/06 10:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCCard
[2011/12/06 10:40:00 | 000,000,000 | ---D | C] -- C:\iCCard
[2011/12/01 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\rendered projects
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
[1 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 09:59:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 09:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 09:58:27 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 09:53:48 | 000,797,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/20 09:53:48 | 000,672,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/20 09:53:48 | 000,126,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/20 09:34:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 09:24:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 09:24:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 09:12:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000UA.job
[2011/12/20 09:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/20 09:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/20 08:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/20 08:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/20 07:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/20 07:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/20 06:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/20 06:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/20 05:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/20 05:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/20 04:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/20 04:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/20 03:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/20 03:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/20 02:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/20 02:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/20 01:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/20 01:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/20 00:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/20 00:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/19 23:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/19 23:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/19 22:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/19 22:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/19 21:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/19 21:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/19 20:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/19 20:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/19 19:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3170685843-4262705979-1591337028-1000Core.job
[2011/12/19 19:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/19 19:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/19 18:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/19 18:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/19 17:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/19 17:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/19 16:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/19 16:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/19 14:57:38 | 000,009,198 | -HS- | M] () -- C:\Users\Chris\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 14:57:38 | 000,009,198 | -HS- | M] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/19 14:55:33 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\Windows\SysWow64\8lE3O5NB.com_
[2011/12/19 14:55:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\T8N21F7j.dat
[2011/12/19 14:54:20 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\8lE3O5NB.com.b
[2011/12/19 10:03:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/19 10:03:08 | 000,811,368 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/17 01:00:34 | 000,000,514 | -H-- | M] () -- C:\Windows\tasks\Maglocks.com a division of Gravino Group, LLC 1315417664.job
[2011/12/16 15:34:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/16 15:33:19 | 000,010,692 | -HS- | M] () -- C:\Users\Chris\AppData\Local\6i63vt0p47v304
[2011/12/16 15:33:19 | 000,010,692 | -HS- | M] () -- C:\ProgramData\6i63vt0p47v304
[2011/12/16 11:13:46 | 001,690,132 | ---- | M] () -- C:\Users\Chris\Desktop\2011-TS-PriceList.pdf.1.pdf
[2011/12/15 03:21:22 | 000,392,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/08 10:39:12 | 000,107,344 | ---- | M] () -- C:\Users\Chris\Documents\cobracd1_5.irp
[2011/12/06 10:57:29 | 001,851,392 | ---- | M] () -- C:\Users\Chris\Desktop\iCCard.mdb
[2011/12/06 10:40:09 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\Management Center V6.9.lnk
[2011/12/01 11:04:16 | 000,064,797 | ---- | M] () -- C:\Users\Chris\Desktop\invoice sample.pdf
[2011/11/22 09:32:27 | 000,028,672 | ---- | M] () -- C:\Users\Chris\Desktop\Cobra Controls Product.DES
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
[1 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 14:54:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/19 14:54:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/19 14:54:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/19 14:54:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/19 14:54:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/19 14:54:39 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/19 14:54:39 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/19 14:54:38 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/19 14:54:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/19 14:54:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/19 14:54:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/19 14:54:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/19 14:54:36 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/19 14:54:35 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/19 14:54:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/19 14:54:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/19 14:54:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/19 14:54:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/19 14:54:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/19 14:54:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/19 14:54:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/19 14:54:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/19 14:54:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/19 14:54:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/19 14:54:31 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/19 14:54:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/19 14:54:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/19 14:54:29 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/19 14:54:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/19 14:54:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/19 14:54:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/19 14:54:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/19 14:54:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/19 14:54:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/19 14:54:26 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/19 14:54:26 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/19 14:54:25 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/19 14:54:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/19 14:54:24 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/19 14:54:24 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/19 14:54:23 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/19 14:54:23 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/19 14:54:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/19 14:54:22 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/19 14:54:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/19 14:54:21 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/19 14:54:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/19 14:54:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\Users\Chris\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/19 10:03:02 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/16 16:50:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/16 16:50:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/16 16:50:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/16 16:50:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/16 16:50:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/16 15:42:48 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\8lE3O5NB.com.b
[2011/12/16 15:41:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\T8N21F7j.dat
[2011/12/16 15:34:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\Users\Chris\AppData\Local\6i63vt0p47v304
[2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\ProgramData\6i63vt0p47v304
[2011/12/16 11:13:44 | 001,690,132 | ---- | C] () -- C:\Users\Chris\Desktop\2011-TS-PriceList.pdf.1.pdf
[2011/12/12 11:28:05 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/12/08 10:39:12 | 000,107,344 | ---- | C] () -- C:\Users\Chris\Documents\cobracd1_5.irp
[2011/12/06 10:40:09 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\Management Center V6.9.lnk
[2011/12/06 10:33:04 | 001,851,392 | ---- | C] () -- C:\Users\Chris\Desktop\iCCard.mdb
[2011/12/01 11:04:14 | 000,064,797 | ---- | C] () -- C:\Users\Chris\Desktop\invoice sample.pdf
[2011/11/22 09:32:26 | 000,028,672 | ---- | C] () -- C:\Users\Chris\Desktop\Cobra Controls Product.DES
[2010/11/09 12:48:19 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/09/22 08:19:48 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/09/22 08:19:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/09/22 08:19:48 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/09/22 08:19:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/09/22 08:19:48 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/09/22 08:19:48 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/09/22 08:19:48 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/09/22 08:19:48 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/09/22 08:19:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/09/22 08:19:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/09/22 08:19:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/09/22 08:19:48 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/09/22 08:19:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/09/22 08:19:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/09/22 08:19:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/09/22 08:19:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/09/16 12:58:54 | 000,033,134 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2010/09/16 12:20:14 | 000,008,192 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 10:26:08 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2010/09/16 10:24:00 | 000,811,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/16 08:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/08 19:41:17 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/07/08 19:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/28 20:17:52 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll

========== LOP Check ==========

[2010/12/14 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2011/01/05 11:06:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Desktop Apps
[2011/12/20 09:31:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2011/10/27 09:55:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2011/02/24 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Epson
[2011/01/17 14:24:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2011/11/18 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2010/10/01 12:27:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InfraRecorder
[2010/09/28 15:58:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Interact Commerce
[2011/10/17 13:59:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IrfanView
[2011/09/23 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LibreOffice
[2010/09/21 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2010/09/15 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PictureMover
[2010/10/15 09:16:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Search Settings
[2011/01/28 14:30:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2010/09/29 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Thunderbird
[2010/09/15 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2011/10/04 09:37:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tinySpell
[2011/01/25 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wireshark
[2011/12/20 00:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/20 04:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/20 05:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/20 05:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/20 06:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/20 06:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/20 07:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/20 07:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/20 08:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/20 08:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/20 09:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/20 00:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/20 09:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/20 01:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/19 15:12:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/19 15:12:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/19 16:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/19 16:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/19 17:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/19 17:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/19 18:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/19 18:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/19 19:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/20 01:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/19 19:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/19 20:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/19 20:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/19 21:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/19 21:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/19 22:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/19 22:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/19 23:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/19 23:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/20 02:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/20 02:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/20 03:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/20 03:12:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/20 04:12:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/12/17 01:00:34 | 000,000,514 | -H-- | M] () -- C:\Windows\Tasks\Maglocks.com a division of Gravino Group, LLC 1315417664.job
[2009/07/14 00:08:49 | 000,032,720 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
ckb1985 (topic starter)
No changes in behavior yet, still not right.

#3
Essexboy (GeekU Moderator, retired staff)
Hi there, you never completely removed the infection, so it just restarted after a day or so.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/19 14:57:38 | 000,009,198 | -HS- | M] () -- C:\Users\Chris\AppData\Local\107357r7j173a311h074m2lqw2t2
    [2011/12/19 14:57:38 | 000,009,198 | -HS- | M] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
    [2011/12/19 14:55:33 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\Windows\SysWow64\8lE3O5NB.com_
    [2011/12/19 14:55:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\T8N21F7j.dat
    [2011/12/19 14:54:20 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\8lE3O5NB.com.b
    [2011/12/16 15:33:19 | 000,010,692 | -HS- | M] () -- C:\Users\Chris\AppData\Local\6i63vt0p47v304
    [2011/12/16 15:33:19 | 000,010,692 | -HS- | M] () -- C:\ProgramData\6i63vt0p47v304
    [2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\Users\Chris\AppData\Local\107357r7j173a311h074m2lqw2t2
    [2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
    [2011/12/16 15:42:48 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\8lE3O5NB.com.b
    [2011/12/16 15:41:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\T8N21F7j.dat
    [2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\Users\Chris\AppData\Local\6i63vt0p47v304
    [2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\ProgramData\6i63vt0p47v304

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN


Delete your current copy of combofix

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

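Added example, not part of this thread, of OTL, or of the helper's fix: a first-pass triage script for the "Files/Folders - Created/Modified" sections of an OTL log. It pulls out the three things the fix above targets from the log the poster put up: the burst of At*.job scheduled tasks (48 of them created in about twenty seconds on 12/19), whatever else landed on disk in the same few minutes, and the hidden+system random-named files the rogue AV mirrored under both %ProgramData% and %LOCALAPPDATA%. The sample lines are a subset copied from the posted log; the thresholds (10 jobs within 2 minutes counts as a burst, a 5-minute pivot window, 12+ lowercase alphanumerics with no extension counts as a "random" name) are my assumptions, not OTL behaviour.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OTL line shape: [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (Company) -- path
# The "(Company)" part is absent for directories, so it is optional here.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)
# Assumption: 12+ lowercase alphanumerics, no extension, is "random-named".
RANDOM_NAME_RE = re.compile(r"^[0-9a-z]{12,}$")

# Sample input: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/12/19 14:54:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/19 14:54:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/19 14:54:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/19 14:54:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/19 14:54:21 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/19 14:54:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/19 15:12:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/19 14:54:20 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\Windows\SysWow64\8lE3O5NB.com_
[2011/12/19 14:53:03 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/19 14:52:53 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\AppData\Local\hxi.exe
[2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\Users\Chris\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 14:52:58 | 000,009,198 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/16 15:42:48 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\8lE3O5NB.com.b
[2011/12/16 15:41:18 | 000,000,112 | ---- | C] () -- C:\ProgramData\T8N21F7j.dat
[2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\Users\Chris\AppData\Local\6i63vt0p47v304
[2011/12/16 15:29:20 | 000,010,692 | -HS- | C] () -- C:\ProgramData\6i63vt0p47v304
[2011/12/16 16:50:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/16 15:34:38 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
"""


def parse_otl_file_lines(text):
    """Parse OTL Files/Folders lines into dicts; lines of any other shape are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["name"] = rec["path"].rsplit("\\", 1)[-1]
        records.append(rec)
    return records


def find_task_burst(records, min_jobs=10, window=timedelta(minutes=2)):
    """Largest cluster of At*.job creations inside `window`, as (start, end, count).
    Returns None when fewer than `min_jobs` land in one window (thresholds assumed)."""
    times = sorted(r["ts"] for r in records
                   if r["kind"] == "C" and AT_JOB_RE.search(r["path"]))
    if len(times) < max(min_jobs, 1):
        return None
    best, j = None, 0
    for i, end in enumerate(times):          # sliding window over sorted timestamps
        while end - times[j] > window:
            j += 1
        if best is None or i - j + 1 > best[2]:
            best = (times[j], end, i - j + 1)
    return best if best[2] >= min_jobs else None


def pivot_on_window(records, start, end, slack=timedelta(minutes=5)):
    """Everything (other than the job files) created/modified within `slack` of the burst.
    This is the analyst's pivot: the dropper and its payload land in the same minutes."""
    hits = [r for r in records
            if not AT_JOB_RE.search(r["path"]) and start - slack <= r["ts"] <= end + slack]
    return sorted(hits, key=lambda r: r["ts"])


def find_paired_droppers(records):
    """Hidden+system, random-named files grouped by (name, size).
    Two paths per group is the mirrored %ProgramData% / %LOCALAPPDATA% pattern in the log."""
    groups = defaultdict(set)
    for r in records:
        a = r["attrs"]
        if "D" in a or "H" not in a or "S" not in a:
            continue
        if RANDOM_NAME_RE.match(r["name"]):
            groups[(r["name"], r["size"])].add(r["path"])
    return {k: sorted(v) for k, v in groups.items()}


def triage(text, min_jobs=10):
    """Run all three checks over one OTL log body and return the findings."""
    records = parse_otl_file_lines(text)
    burst = find_task_burst(records, min_jobs=min_jobs)
    pivot = pivot_on_window(records, burst[0], burst[1]) if burst else []
    return {
        "records": len(records),
        "task_burst": burst,
        "pivot_paths": [r["path"] for r in pivot],
        "paired_droppers": find_paired_droppers(records),
    }


if __name__ == "__main__":
    # The subset above holds only 6 of the 48 jobs, so lower the burst threshold for the demo.
    result = triage(SAMPLE_LOG, min_jobs=5)
    print("task burst:", result["task_burst"])
    for p in result["pivot_paths"]:
        print("  dropped near burst:", p)
    for (name, size), paths in result["paired_droppers"].items():
        print(f"  mirrored hidden+system file {name} ({size} bytes): {paths}")
```

Run against the full log above, the pivot lists every path the helper put in the :OTL section of the fix, plus C:\Users\Chris\AppData\Local\hxi.exe and the empty C:\Windows\system64 directory, which sit in the same two-minute span and are worth looking at before assuming the fix is complete. The script only reads the log; it deletes nothing, so it is safe to run on any OTL report.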
#4
Essexboy (GeekU Moderator, retired staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.